[horde] Potentially Dangerous URL
jan at horde.org
Sat Jul 16 08:49:13 PDT 2005
Quoting Martin Lohmeier <martin at mein-horde.de>:
> Jan Schneider wrote:
>> Quoting Martin Lohmeier <martin at mein-horde.de>:
>>> can someone tell me why URLs that point to the same host are potentially
>>> dangerous (see horde/services/go.php)?
>> Because it is a URL created from user input that might trigger an
>> action inside Horde.
> Maybe it's a good idea to compare the application's webroot with the url
> (in addition to the hostname). This way it is possible to determine if
> the url points into horde or not.
This is not possible, because go.php doesn't load any framework code.