Search:

Type: Posts; User: polarbear

Search: Search took 0.04 seconds.

  1. Re: Pass s_user_info message to ATTACK_DETECTION_URL

    Have a look at the very first post in this thread. It contains the PHP code of the modified Redirect function. It passes the user message as the URL parameter msg to the custom page.

    Here is a...
  2. Replies
    10
    Views
    11,562

    Re: Filter HTTP_REFERER

    I now added a PHP wrapper around formmail.php which does the following additional sanity checks:

    - Must be a POST request
    - Referrer can be empty but if set must match our domain
    - Check that...
  3. Replies
    10
    Views
    11,562

    Re: Filter HTTP_REFERER

    Russell,

    I did run into a snag with having the required parameter in the ini file: The ini file required parameter overrides the form hidden field parameters.

    For most forms I have different...
  4. Replies
    10
    Views
    11,562

    Re: Filter HTTP_REFERER

    Thank you for your suggestions.



    Good idea, will be done ASAP.

    Won't work as deriving field cannot be configured in ini files and they post directly to formmail.php.

    PB
  5. Replies
    10
    Views
    11,562

    Re: Filter HTTP_REFERER

    Unfortunately the junk is not in the normal fields, only in the referrer field.

    I have two cases:

    a) Two fields submitted: email and realname both empty, a long "junky" URL in the referrer. I...
  6. Re: Pass s_user_info message to ATTACK_DETECTION_URL

    Thank you for your consideration.

    As said above, I patched the current version so its not urgent for me, but ideally like to use the "out-of box" version.

    Probably not a lot of real people...
  7. Replies
    10
    Views
    11,562

    Re: Filter HTTP_REFERER

    )Yes I agree, since swapping over from nms Formmail to your Aussie product a fortnight ago, I reduced heaps of URL spam.

    But on a daily basis I have people calling the formmail.php script directly...
  8. Replies
    10
    Views
    11,562

    Filter HTTP_REFERER

    I know that formmail.php contains this comment and this is technically correct:


    // Note that HTTP_REFERER is easily spoofed, so there's no point in
    // using it for security.But a lot of...
  9. Pass s_user_info message to ATTACK_DETECTION_URL

    I suggest to pass on the user info message to the attack detection URL either as a POST or GET variable. Example see below.

    Currently I manually changed the formmail.php code (8.23) from:
    ...
Results 1 to 9 of 9