Secure PHP redirects
Regularly used by webmasters, redirects are practical in many cases: for example, to send away users who try to access pages they are not allowed to see.
It is this last case that causes the most problems.

Most webmasters use PHP's header() function (which is the best solution in my opinion):
void header ( string $string [, bool $replace [, int $http_response_code ]] )
This function sends an HTTP response header to the client; in our case Location:, which asks the client (but does not force it) to leave the current page for another one. So, if you want to send the visitor to index.php:
<?php header('Location: index.php'); ?>
Very good.
However, this code is not safe!
The problem
Imagine you are a webmaster and you want to redirect a visitor who tries to access the administration page of your site; logically, you add this code to your page:
<?php
//$not_admin = false;
// $not_admin is unset here, so the condition is true and the redirect is sent
if(!$not_admin){
header('Location: index.php');
}
// executed anyway: the script does not stop after header()
echo 'Bonjour grand admin';
?>
A simple HTTP GET (see the Ruby code below) lets any user read your administration page.
#!/usr/local/bin/ruby
require 'net/http'
require 'uri'
# Net::HTTP does not follow redirects by itself: it prints whatever the server sent
Net::HTTP.get_print URI.parse('http://localhost/admin/private.php')
Result:
shell> ruby get.rb
Bonjour grand admin
Indeed, the client may refuse to follow the redirect. In practice, in our case it is not redirected to index.php: the code following header() is still executed by the server and its output is returned in the response body. To avoid this there is only one solution: put an exit; (or die();) after every header('Location: ...').
These two functions stop the PHP interpreter. So, whether or not the client honours the redirect, nothing else will be executed on the server side.
<?php
//$not_admin = false;
if(!$not_admin){
header('Location: index.php');
exit; // nothing below this line runs for a non-admin
}
echo 'Bonjour grand admin';
?>
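To check a whole site for this mistake, the one-line get.rb above can be turned into a small audit client. The script below is an added example and is not part of the original post: it extends the Ruby approach the post already uses, performs GETs without following redirects (Net::HTTP's default), and flags any response that combines a 3xx status and a Location header with a non-empty body, which is exactly what a header('Location: ...') without exit produces. To run offline it embeds a constructed stand-in server whose /vuln and /fixed paths (hypothetical paths, not from the post) imitate the two versions of private.php shown above.

```ruby
#!/usr/bin/env ruby
# Added example (not from the original post): an audit client that extends the
# page's get.rb. Like Net::HTTP by default, it does NOT follow redirects, so it
# sees exactly what the server sent. A response that combines a 3xx status and
# a Location header with a non-empty body is the signature of a header()
# without exit: the script kept running after asking for the redirect.
require 'net/http'
require 'socket'
require 'uri'

# Pure decision function: does a redirect response leak content past the
# redirect? `max_innocent_bytes` tolerates the short HTML notice some servers
# attach to their own redirects; a real page body is far longer than that.
def redirect_leaks_body?(code, location, body, max_innocent_bytes = 0)
  return false unless code.to_s.start_with?('3') && location
  body.to_s.strip.bytesize > max_innocent_bytes
end

# GET url without following redirects and summarise what came back.
def audit(url)
  uri = URI.parse(url)
  resp = Net::HTTP.start(uri.host, uri.port) { |http| http.get(uri.request_uri) }
  { code: resp.code,
    location: resp['Location'],
    body: resp.body.to_s,
    leaked: redirect_leaks_body?(resp.code, resp['Location'], resp.body) }
end

# Constructed stand-in for the two PHP scripts so the example runs offline
# (hypothetical paths, not from the post): /vuln behaves like the first
# private.php (redirect header, then the page anyway); /fixed like the version
# with exit; (redirect header and nothing else). Returns the bound port.
def start_fake_admin_server
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    loop do
      client = server.accept
      request_line = client.gets.to_s
      # skip the request headers up to the blank line
      loop do
        header = client.gets
        break if header.nil? || header.strip.empty?
      end
      path = request_line.split[1]
      body = path == '/vuln' ? "Bonjour grand admin\n" : ''
      client.write "HTTP/1.1 302 Found\r\n" \
                   "Location: /index.php\r\n" \
                   "Content-Type: text/plain\r\n" \
                   "Content-Length: #{body.bytesize}\r\n" \
                   "Connection: close\r\n\r\n#{body}"
      client.close
    end
  end
  server.addr[1]
end

if __FILE__ == $PROGRAM_NAME
  port = start_fake_admin_server
  %w[/vuln /fixed].each do |path|
    r = audit("http://127.0.0.1:#{port}#{path}")
    verdict = r[:leaked] ? 'LEAK: body returned despite redirect' : 'ok: redirect only'
    puts "#{path}: #{r[:code]} -> #{r[:location].inspect}  #{verdict}"
    puts "  body: #{r[:body].inspect}" if r[:leaked]
  end
end
```

Against a real site, replace the fake server with a list of your protected URLs and call audit() on each while logged out; any entry reported as LEAK is a page whose redirect is not followed by exit. The check deliberately looks at the raw response rather than at what a browser would display, since the browser is precisely the part of the chain an attacker does not use.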
Conclusion
Always follow your header('Location: ...') with an exit or die, so that attackers cannot access your documents. Major applications are affected: in Thelia, an e-commerce script, a vulnerability of this kind was recently found, opening up many possibilities ...

