
if (isset($_GET['worked']) && $_GET['worked'] == '1') {

Posted: Thu Jul 15, 2010 2:26 pm
by bajere
Hi all,

Small question: I have a form, and I just want to show the info from that form inside of this:

if (isset($_GET['worked']) && $_GET['worked'] == '1') {

}

I can get the text to show, but the .$_POST["name"]. won't appear :banghead: Is it because it's in this command, or am I using POST and not the correct method?!?

Any help would be great; as you can tell, I am a complete beginner.

Thanks :)

Here are some code snippets:

Code:

<?php
$name = $_POST["name"];
$message = $_POST["message"];

if ($name) {
    // The redirect makes the browser issue a fresh GET request,
    // so the POSTed name and message are not carried along.
    header('Location: same-page.php?worked=1');
}
?>



<head>
</head>

<body>

<?php
if (isset($_GET['worked']) && $_GET['worked'] == '1') {
    echo "Thank you ".$_POST["name"].", for your message:". $_POST["message"];
}
?>

<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="POST">
    <h3>Name:</h3>
    <input name="name" type="text" class="single-line"/>
    <br />
    <h3>Message:</h3>
    <textarea name="message" class="multi-line"></textarea>
    <br />
    <input type="image" class="input_button" src="images/submit.jpg" alt="Submit">
</form>


Re: if (isset($_GET['worked']) && $_GET['worked'] == '1') {

Posted: Thu Jul 15, 2010 3:30 pm
by requinix

Code:

header('Location: same-page.php?worked=1');
If you redirect then you'll lose all information that was POSTed to you.

Try

Code:

<head>
</head>

<body>

<?php
if (isset($_GET['worked']) && $_GET['worked'] == '1') {
    echo "Thank you ".$_POST["name"].", for your message:". $_POST["message"];
}
?>

<form action="<?php echo $_SERVER["PHP_SELF"]; ?>?worked=1" method="POST">
    <h3>Name:</h3>
    <input name="name" type="text" class="single-line"/>
    <br />
    <h3>Message:</h3>
    <textarea name="message" class="multi-line"></textarea>
    <br />
    <input type="image" class="input_button" src="images/submit.jpg" alt="Submit">
</form>
Though I'm sure you don't care about it now I'll mention it anyways: you're open to cross-site scripting.

Re: if (isset($_GET['worked']) && $_GET['worked'] == '1') {

Posted: Thu Jul 15, 2010 3:50 pm
by bajere
Ah, I see, makes sense now you have pointed that out.

Thanks for the help :D

Also, it's only for a demo/mock-up, but I would be very interested in knowing how to do this without the risk of cross-site scripting... I may need to put something like this into production. Would be great.

Re: if (isset($_GET['worked']) && $_GET['worked'] == '1') {

Posted: Thu Jul 15, 2010 4:06 pm
by requinix
Basically, if you ever use something in $_GET, $_POST, or $_COOKIE you need to run it through a function before you use it. When displaying it in HTML use htmlentities.
If you want to see the exploit in action, use

Code:

<script>alert("XSS");</script>
for the name or the message. If that doesn't present a popup dialog then you're unlucky enough to have magic_quotes enabled. That doesn't protect you against this - it just makes it a bit harder.

On a related note, PHP_SELF is also insecure for the same reasons, even though it isn't in one of those three arrays - but note that above I didn't say "...and everything else is safe".

Code:

<head>
</head>

<body>

<?php
if (isset($_GET['worked']) && $_GET['worked'] == '1') {
    echo "Thank you ".htmlentities($_POST["name"]).", for your message:". htmlentities($_POST["message"]);
}
?>

<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>?worked=1" method="POST">
    <h3>Name:</h3>
    <input name="name" type="text" class="single-line"/>
    <br />
    <h3>Message:</h3>
    <textarea name="message" class="multi-line"></textarea>
    <br />
    <input type="image" class="input_button" src="images/submit.jpg" alt="Submit">
</form>
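A version that keeps the POSTed values across the redirect and escapes every value on output, added here as an example and not code from either poster. The helper names `h()` and `confirmation()`, the use of `$_SESSION` with a 303 redirect (Post/Redirect/Get), and omitting the form's `action` so `PHP_SELF` is never echoed are my own choices; run it from the CLI to see the escaping on a constructed input.

```php
<?php
// Added example, not code from the thread: Post/Redirect/Get with the POSTed
// values parked in $_SESSION, and every dynamic value escaped on output.

// Escape for an HTML text or attribute context (double and single quotes too).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Confirmation markup; h() is applied here so callers cannot forget it.
function confirmation(string $name, string $message): string {
    return 'Thank you ' . h($name) . ', for your message: ' . h($message);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: the probe string quoted earlier in the thread
    // comes out as inert text, not as markup.
    echo confirmation('<script>alert("XSS");</script>', 'a & b'), "\n";
    exit;
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name    = trim((string)($_POST['name'] ?? ''));
    $message = trim((string)($_POST['message'] ?? ''));
    if ($name !== '' && $message !== '') {
        // Keep the values server-side so the redirect does not lose them.
        $_SESSION['flash'] = ['name' => $name, 'message' => $message];
        header('Location: ?worked=1', true, 303);
        exit;
    }
}

$flash = null;
if (isset($_GET['worked']) && $_GET['worked'] === '1' && isset($_SESSION['flash'])) {
    $flash = $_SESSION['flash'];
    unset($_SESSION['flash']); // one-shot message
}
?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"></head><body>
<?php if ($flash !== null): ?>
  <p><?= confirmation($flash['name'], $flash['message']) ?></p>
<?php endif; ?>
  <!-- No action attribute: the form posts back to this URL, so PHP_SELF is never echoed. -->
  <form method="POST">
    <h3>Name:</h3><input name="name" type="text"><br>
    <h3>Message:</h3><textarea name="message"></textarea><br>
    <input type="submit" value="Submit">
  </form>
</body></html>
```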

Re: if (isset($_GET['worked']) && $_GET['worked'] == '1') {

Posted: Thu Jul 15, 2010 5:15 pm
by bajere
Cool! Thanks for the info :D