
I'm using $_SERVER['HTTP_REFERER'] to generate a dynamic back link.

<a href="<?php echo $_SERVER['HTTP_REFERER'] ?>">Return to..blah</a>

Is it reasonably safe to do so?

Answers

43

Not like that.

It might not be present. (It might be wrong, some personal firewall packages obfuscate the referer for privacy reasons, violating the HTTP spec along the way)

You should run anything coming from outside your system through htmlspecialchars to guard against XSS attacks (although, IIRC, the referer should never have any dangerous characters in it, as they should be URL-safe, you should keep in the habit of always being cautious).

Browsers come with back buttons, though; there is no need to try to duplicate their functionality (especially when, with this, if the user clicks a link marked "back" it doesn't take them back in their history, so clicking the normal back button will conceptually take them forwards).

Wednesday, March 31, 2021
 
mattltm
answered 7 Months ago
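The two points made above (the header may be absent or hostile, and anything that reaches the page must be escaped) can be combined into one helper. The following is an added example, not code from the question or the answer: it only accepts a Referer that is an http(s) URL on the site's own host, re-emits just its path and query, and otherwise falls back to a fixed page. OWN_HOST and the fallback path '/index.php' are assumed values for the example; the real host should be a configured constant, not taken from the request's Host header, since that is attacker-controlled too.

```php
<?php
// Added example: derive a "back" link from the Referer without trusting it.
// OWN_HOST is an assumed value for this example; set it from configuration.
const OWN_HOST = 'www.example.com';

/**
 * Return a same-site, relative back link or $fallback when the Referer is
 * absent, malformed, off-site, or not plain http/https.
 */
function safeBackLink(?string $referer, string $ownHost, string $fallback = '/index.php'): string
{
    if ($referer === null || $referer === '') {
        // Header missing: privacy tools, direct visits, HTTPS -> HTTP transitions.
        return $fallback;
    }

    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;                       // malformed or relative input
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;                       // javascript:, data:, ftp:, ...
    }
    if (strtolower($parts['host']) !== strtolower($ownHost)) {
        return $fallback;                       // off-site: do not link out
    }

    // Keep only path and query; drop userinfo, port and fragment.
    $path = $parts['path'] ?? '/';
    // A path beginning with "//" would render as a protocol-relative URL
    // (href="//other.example"), so treat it as off-site as well.
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0) {
        return $fallback;
    }
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';

    return $path . $query;
}

$back = safeBackLink($_SERVER['HTTP_REFERER'] ?? null, OWN_HOST);
?>
<!-- Escape for the attribute context regardless of how $back was derived. -->
<a href="<?php echo htmlspecialchars($back, ENT_QUOTES, 'UTF-8'); ?>">Return to previous page</a>
```

With this in place a Referer of `https://www.example.com/items?page=2` yields `/items?page=2`, while `https://attacker.example/`, `javascript:alert(1)` and `https://www.example.com//attacker.example` all yield `/index.php`. The htmlspecialchars call stays even though the helper already filters, so the escaping does not depend on the filter being correct.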
95

No, you can use your first method and not fill the memory with duplicate data. The only concern here is to validate it before using it, and if you copy it to another variable, you need to do the same on it also.

Wednesday, March 31, 2021
 
Shibbir
answered 7 Months ago
68

It's just a warning to show that there is no password for the default user root. If you want to set a password for root:

  1. Open phpmyadmin interface
  2. Click "Users" tab
  3. Select user "root"
  4. Edit Privileges
  5. Change password

Saturday, May 29, 2021
 
Lance
answered 5 Months ago
33

Recheck the API key or create a new one like here. I was having the same issue and the problem was that I was restricting the key to the wrong package name.

  • Go to the Library page in the Google APIs Console.
  • Search for the Android Device Verification API. When you've found the API, click on it. The Android Device Verification API dashboard screen appears.
  • If the API isn't already enabled, click Enable.
  • If the Create credentials button appears, click on it to generate an API key. Otherwise, click the All API credentials drop-down list and select the API key that is associated with the project for which the Android Device Verification API is enabled.
  • In the sidebar on the left, click Credentials. Copy the API key that appears.

Thursday, August 26, 2021
 
Felix Lamouroux
answered 2 Months ago
60

The ixset library (or ixset-typed, a more type-safe version) will help you with this. It's the library that backs the relational part of acid-state, which also handles versioned serialization of your data and/or concurrency guarantees, in case you need it.

The Happstack Book has an IxSet tutorial.


The thing about ixset is that it manages "keys" for your data entries automatically.

For your example, one would create one-to-many relationships for your data types like this:

{-# LANGUAGE DeriveDataTypeable #-}
import Data.Data (Data, Typeable)  -- Data is needed by ixGen, Typeable by IxSet
import Data.IxSet

-- Eq is required by Ord, and ixGen walks the value generically, so Data is
-- needed too. Date stands for whatever date type you use; it must also be
-- an instance of Eq, Ord and Data.
data User =
  User
  { name :: String
  , birthDate :: Date
  } deriving (Eq, Ord, Data, Typeable)

data Message =
  Message
  { user :: User
  , timestamp :: Date
  , content :: String
  } deriving (Eq, Ord, Data, Typeable)

-- Index messages by the User value they contain.
instance Indexable Message where
  empty = ixSet [ ixGen (Proxy :: Proxy User) ]

You can then find the message of a particular user. If you have built up an IxSet like this:

user1 = User "John Doe" undefined
user2 = User "John Smith" undefined

messageSet =
  foldr insert empty
  [ Message user1 undefined "bla"
  , Message user2 undefined "blu"
  ]

... you can then find messages by user1 with:

user1Messages = toList $ messageSet @= user1

If you need to find the user of a message, just use the user function like normal. This models a one-to-many relationship.

Now, for many-to-many relations, with a situation like this:

-- Eq is required by Ord; the two types are mutually recursive, which is fine.
data User =
  User
  { name :: String
  , birthDate :: Date
  , messages :: [Message]
  } deriving (Eq, Ord, Typeable)

data Message =
  Message
  { users :: [User]
  , timestamp :: Date
  , content :: String
  } deriving (Eq, Ord, Typeable)

... you create an index with ixFun, which can be used with lists of indexes. Like so:

instance Indexable Message where
  empty = ixSet [ ixFun users ]

instance Indexable User where
  empty = ixSet [ ixFun messages ]

To find all the messages by a user, you still use the same function:

user1Messages = toList $ messageSet @= user1

Additionally, provided that you have an index of users:

userSet =
  foldr insert empty
  [ User "John Doe" undefined [ messageFoo, messageBar ]
  , User "John Smith" undefined [ messageBar ]
  ]

... you can find all the users for a message:

messageFooUsers = toList $ userSet @= messageFoo

If you don't want to have to update the users of a message or the messages of a user when adding a new user/message, you should instead create an intermediary data type that models the relation between users and messages, just like in SQL (and remove the users and messages fields):

-- The relation row needs the same instances as the indexed types above.
data UserMessage = UserMessage { umUser :: User, umMessage :: Message }
  deriving (Eq, Ord, Data, Typeable)

instance Indexable UserMessage where
  empty = ixSet [ ixGen (Proxy :: Proxy User), ixGen (Proxy :: Proxy Message) ]

Creating a set of these relations would then let you query for users by messages and messages for users without having to update anything.

The library has a very simple interface considering what it does!

EDIT: Regarding your "costly data that needs to be compared": ixset only compares the fields that you specify in your index (so to find all the messages by a user in the first example, it compares "the whole user").

You regulate which parts of the indexed field it compares by altering the Ord instance. So, if comparing users is costly for you, you can add a userId field and modify the instance Ord User to only compare this field, for example.

This can also be used to solve the chicken-and-egg problem: what if you have an id, but neither a User, nor a Message?

You could then simply create an explicit index for the id, find the user by that id (with userSet @= (12423 :: Id)) and then do the search.

Saturday, September 4, 2021
 
Margaret
answered 2 Months ago