space Baylys
Just practicing to pass the Turing test.
space
space
space
space
Developer for Hire!
space
addedValues Plugin
space

Home

What's new

Bayly.Root

Cornershop Plugin

Career

edutools Root

Enhancements

Interests

linguist Plugin

Manila

Patches

space

mainresponder

manilaData

manilamacros

manilaSuite

space
space

admin

backups

discuss

gems

getCanonicalSiteName

hierarchyPage

hosting

html

mail

member

members

news

plugins

prefs

referer

space
space

Check

checkEdit

checkNew

checkSelf

space

renderNewsPage

rpcHandlers

rpcUtils

search

sendMail

siteStructure

staticRendering

storyList

space

system

Patches by Group

Papers

Sales

Sign My Guestbook

User(land) Relations.

Contact Address

Search Baylys

urlchains

space
Join Now
Login
 space space space

manilaSuite.referer.Check

The referer check for "trojan horse" does not cater to browsers that leave the username and password (iCab 1.3 was one, and Palm WAP browsers are reputedly the same). Watch for that case and strip them out before checking.

Amended Script

on check (urlName)
  «Make sure the referer is the page it's supposed to be.
 unaltered lines omitted
 
  manilaSuite.referer.mustNotBeEmpty ()
  local (pta = html.getPageTableAddress ())
  local (referer = pta^.requestHeaders.referer)
  local (expectedReferer = pta^.urls^.[urlName])
  referer = string.popSuffix (referer, '$')
  referer = string.popTrailing (referer, '/') //PBS 07/16/01
  expectedReferer = string.popSuffix (expectedReferer, '$')
  expectedReferer = string.popTrailing (expectedReferer, '/') //PBS 07/16/01
  if not (string.lower (expectedReferer) == string.lower (referer))
 unaltered lines omitted
  return (true)

Relative to Frontier version 9.7b10