[horde] Potentially Dangerous URL
Jan Schneider
jan at horde.org
Sat Jul 16 08:49:13 PDT 2005
Quoting Martin Lohmeier <martin at mein-horde.de>:
> Jan Schneider wrote:
>> Quoting Martin Lohmeier <martin at mein-horde.de>:
>>
>>
>>> can someone tell me why URLs that point to the same host are potentially
>>> dangerous (see horde/services/go.php)?
>>
>>
>> Because it is a URL created from user input that might trigger an
>> action inside Horde.
>
> Maybe it's a good idea to compare the application's webroot with the url
> (in addition to the hostname). This way it is possible to determine if
> the url points into horde or not.

This is not possible, because go.php doesn't load any framework code.

Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
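
The host-only comparison discussed in this thread, as an added example that is not Horde's go.php code: a standalone script with no framework loaded knows the request's host name but not the application webroot, so every target on the same host falls into the cautious class. The function name, the return labels and the sample URLs are assumptions made for this illustration.

```php
<?php
// Added illustration, not Horde's go.php. Names and sample URLs are constructed.

/**
 * Classify a user-supplied redirect target using only the request's host
 * name (no framework configuration, so no webroot is available).
 * Returns 'reject', 'same-host' or 'external'.
 */
function classify_redirect_target(string $url, string $serverHost): string
{
    // Empty targets and control characters (header splitting) are refused.
    if ($url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return 'reject';
    }
    $schemeRelative = strpos($url, '//') === 0;            // "//host/path"
    $hasScheme = preg_match('#^[a-z][a-z0-9+.-]*:#i', $url) === 1;
    // Path-only and relative targets resolve against the current host.
    if (!$schemeRelative && !$hasScheme) {
        return 'same-host';
    }
    $parts = parse_url($schemeRelative ? 'http:' . $url : $url);
    if ($parts === false || empty($parts['host'])) {
        return 'reject';
    }
    // Only web schemes are redirect targets; javascript:, data: etc. are not.
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return 'reject';
    }
    // Compare hosts case-insensitively, ignoring a port and a trailing dot.
    $norm = static function (string $h): string {
        return rtrim(strtolower(preg_replace('/:\d+$/', '', $h)), '.');
    };
    return $norm($parts['host']) === $norm($serverHost) ? 'same-host' : 'external';
}

// Constructed sample targets; the second argument stands in for the Host header.
$samples = [
    '/app/settings.php?save=1',
    'http://WEBMAIL.example.org./app/settings.php?save=1',
    '//webmail.example.org/app/',
    'https://www.example.net/',
    'javascript:alert(1)',
];
foreach ($samples as $u) {
    printf("%-55s %s\n", $u, classify_redirect_target($u, 'webmail.example.org:443'));
}
```

A target classified as 'same-host' is one the caller should not follow automatically, since it may be a request that triggers an action in an application on that host.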