On Wed, 29 Sep 2004 22:03:07 +0100, PHP Tech <[EMAIL PROTECTED]> wrote:
> 
> I thought by clicking the link this would be a form sending the url of the
> page to the next page and so I could then use $_GET to retrieve this.  I
> also thought of using $_SERVER and getting the referer web address. Then I
> could use this in a hidden field and use the mail() function to mail it off.
> 

I would try to limit the list of items I'm sending via email.  For
example, have a set list of keywords that you generate the emails
based on, such as a product id, or a category name.  Then you generate
the email based on that id, rather than doing, say, an fopen
("http://yoursite.com/page.php") with the referring page.  The latter
option would be insecure, especially if you don't sanity check the
referrer first.  If you're dealing with a static site, and have to
grab actual HTML files, passing the page name as a variable and
then doing a local fopen would be a better option.  Checking for
problems before using the form data is the key to keeping this secure.

I imagine having pre-built templates for whatever I'm sending via
email, as I likely wouldn't want the exact same page that's displayed
on my website to be sent via email.  I'd love to hear more specifics
on what you're trying to accomplish.

As for chesternovello.com, there is an awful lot of Javascript magic
happening.  Not to mention that suspicious looking __VIEWSTATE
variable in the form.  There's definitely something happening behind
the scenes there, it's more than just HTML.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
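
The allowlist approach suggested in the reply above, as an added example that is not part of the original message: the request may only pick a key from a fixed list, and the static-site variant opens a local file only after the name is checked. The template names, directory and sample inputs are constructed for illustration.

```php
<?php
// Added example; keys, file names and paths below are hypothetical.

// Allowlist: the only keys a request may select, each mapped to a prebuilt mail template.
const MAIL_TEMPLATES = [
    'widget-100'     => 'product_widget.txt',
    'category-tools' => 'category_tools.txt',
];
const TEMPLATE_DIR = __DIR__ . '/mail_templates';

// Returns the template path for an allowlisted key, or null for anything else.
function resolveTemplate(string $key): ?string
{
    if (!array_key_exists($key, MAIL_TEMPLATES)) {
        return null; // unknown key: the value never reaches fopen() or mail()
    }
    return TEMPLATE_DIR . '/' . MAIL_TEMPLATES[$key];
}

// Static-site variant: a page name from the request is opened locally
// only if it is a plain file name that resolves inside $baseDir.
function resolveLocalPage(string $baseDir, string $page): ?string
{
    if (!preg_match('/\A[a-z0-9_-]{1,64}\.html\z/i', $page)) {
        return null; // rejects slashes, "..", and schemes such as http://
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $page);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // missing file, or a symlink that leads outside the directory
    }
    return $path;
}

// Constructed inputs standing in for $_GET['item'] or a referrer-derived value.
$samples = ['widget-100', 'http://example.com/page.php', '../../etc/passwd', 'category-tools'];
foreach ($samples as $item) {
    $tpl = resolveTemplate($item);
    printf("%-30s => %s\n", $item, $tpl === null ? 'rejected' : basename($tpl));
}

// Page names that are not plain local .html file names are refused before any file access.
var_dump(resolveLocalPage(__DIR__, '../secret.html'));
var_dump(resolveLocalPage(__DIR__, 'http://example.com/x.html'));
```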
