ID: 525
Viewed: 3492
Added: Feb 19, 2004
Version: 1.0
Snippet uploaded by: snippet
Written By: Putts
When developing an input form and building page validation scripts, I prefer to use client-side scripting so that I can do fancy stuff like highlighting fields that aren't filled out correctly and whatnot. However, the big concern with using just client-side scripting is that someone could always download the source to your entry form, put in their own submit button and submit the page with invalid values back to your site by explicitly setting the form action to point to your site.
Well, here is a blocker to stop such attacks on your forms. It's a simple little function that verifies that the server making the request matches the server that is processing it, by comparing the host in the HTTP_REFERER header with SERVER_NAME.
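<!---Head--->
<%
' Returns "" when the host in the Referer header matches this server's
' name; otherwise returns the referring host.
Function sameServer()
    dim strSource, arrSource
    arrSource = split(request.ServerVariables("HTTP_REFERER"), "/")
    ' An absent or malformed Referer has no host at index 2. Report it as
    ' "unknown" rather than raising a subscript error or returning "",
    ' which the caller reads as a match.
    strSource = ""
    if ubound(arrSource) >= 2 then strSource = arrSource(2)
    if strSource = "" then
        sameServer = "unknown"
    elseif lcase(request.ServerVariables("SERVER_NAME")) = lcase(strSource) then
        sameServer = ""
    else
        sameServer = strSource
    end if
End Function
%>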
<!---Body--->
<%
' In the page that processes the form info, call the function.
dim strResult
strResult = sameServer()
if strResult = "" then
    Response.write("Congrats")
else
    ' The value comes from a request header, so encode it before output.
    Response.write("Processing not allowed from " & Server.HTMLEncode(strResult))
end if
%>
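An added example, not part of the original snippet: because the Referer header is supplied by the client and can be absent or set to any value, the processing page can also re-run the form's validation on the server. The field names "email" and "quantity" and their limits are assumptions made for illustration.

```asp
<%
' Added example, not the snippet author's code.
' Assumed form fields: "email" and "quantity" (an integer from 1 to 100).

Function isValidEmail(strValue)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    isValidEmail = (Len(strValue) <= 254) And re.Test(strValue)
End Function

Function isValidQuantity(strValue)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,3}$"   ' digits only, so CLng below cannot fail
    isValidQuantity = False
    If re.Test(strValue) Then
        isValidQuantity = (CLng(strValue) >= 1 And CLng(strValue) <= 100)
    End If
End Function

' Returns a "|"-separated list of the checks that failed, or "" if all passed.
Function validateForm()
    Dim strErrors
    strErrors = ""
    If UCase(Request.ServerVariables("REQUEST_METHOD")) <> "POST" Then
        validateForm = "method"
        Exit Function
    End If
    If Not isValidEmail(Trim(Request.Form("email"))) Then strErrors = strErrors & "email|"
    If Not isValidQuantity(Trim(Request.Form("quantity"))) Then strErrors = strErrors & "quantity|"
    validateForm = strErrors
End Function

Dim strFailed
strFailed = validateForm()
If strFailed = "" Then
    Response.Write("Congrats")
Else
    ' Reject the submission no matter which page the form was posted from.
    Response.Status = "400 Bad Request"
    Response.Write("Rejected fields: " & Server.HTMLEncode(strFailed))
End If
%>
```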