Search the Community
Showing results for tags 'url rewriting'.
-
Hi all, I have a security problem with my website who is a social network (like facebook). Let's me Explain : You can execute this page on my website. www.SocialNetWork.com/ChangeStatus.php?param=Hello So your status become "Hello". On your profile, you can create a link to a picture on the web, for example : <img src='http://www.hacking.com/pic.jpg'> The problem is that a "hacker" create several russian girl profile and made links to pic.jpg on his server, and this .jpg file rewrite URL to : www.SocialNetWork.com/ChangeStatus.php?param=Suck. So when you visite his profil, the php code is launched, and the status OF THE VISITOR is changed ! I have no idea of how to stop this ? If i check the variable : $_SERVER['HTTP_REFERER'] The value is empty or www.SocialNetWork.com, but never www.hacking.com ... How can i stop the fact that a foreign picture could launch a php page on my website ? thanks for help ! ps: sorry for my english
-
hello, on click this link, i am redirecting to page-listing-category.php page. and all listing are shown there. http://domain-name/listing-category/?a=hello but i want this link as http://domain-name/listing-category/hello ... i use this code in function.php add_rewrite_tag("%a%",'([0-9]+)'); $a = get_query_var("a"); // Wordpress way add_rewrite_rule('listing-category/([0-9]+)/?$', 'index.php?page_id=page-listing-category&a=$matches[1]', 'top'); add_rewrite_tag("%a%",'([0-9]+)'); add_rewrite_rule('listing-category/([0-9]+)/?$', 'index.php?page_id=page-listing-category&a=$matches[1]', 'top'); $wp_rewrite->flush_rules(); but, problem is the above isn't working ... can anypne suggest me something on this. ?? thanks.
- 4 replies
-
- url rewriting
- wordpress
-
(and 1 more)
Tagged with: