How to sanitize $_SERVER url variables?
An attacker used the HTTP_REFERER variable to inject JavaScript by sending the following in the header:
Referer: javascript:alert(document.cookie)//a
This was present in $_SERVER['HTTP_REFERER'] and was evaluated in a "Back" button.
Besides the sanitization that I'll do in the back button, I want to sanitize $_SERVER variables in PHP in order to prevent future attacks.
Because I'm expecting a URL value for 'HTTP_REFERER' I tried this:
$_SERVER['HTTP_REFERER'] = filter_var($_SERVER['HTTP_REFERER'], FILTER_SANITIZE_STRING);
But the value wasn't changed. Same thing for this:
$_SERVER['HTTP_REFERER'] = filter_var($_SERVER['HTTP_REFERER'], FILTER_SANITIZE_URL, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
And this:
$_SERVER['HTTP_REFERER'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
What's the best way to sanitize the following: 'HTTP_REFERER', 'PHP_SELF', 'REQUEST_URI'?
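One defender-side approach, added here as an example (not code from the question or from any answer): validate the Referer as an absolute http(s) URL on an allowlisted host before using it as a link target, and escape every $_SERVER string at output time for the HTML context it lands in. The function names safe_back_url and attr, the host www.example.com and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Return a safe target for a "Back" link built from the Referer header.
 * Anything that is not an absolute http(s) URL on $allowedHost becomes $fallback.
 */
function safe_back_url(?string $referer, string $allowedHost, string $fallback = '/'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    // Syntactic check first: FILTER_VALIDATE_URL requires a scheme and a host.
    if (filter_var($referer, FILTER_VALIDATE_URL) === false) {
        return $fallback;
    }
    $parts = parse_url($referer);
    // Scheme allowlist: "javascript:", "data:" and friends never get through.
    if (!isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Pin the host to a configured value, not to $_SERVER['HTTP_HOST'],
    // which is itself taken from the request.
    if (strcasecmp($parts['host'], $allowedHost) !== 0) {
        return $fallback;
    }
    return $referer;
}

/** Escape any $_SERVER string (PHP_SELF, REQUEST_URI, ...) for an HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed inputs, including the payload from the question.
$samples = [
    'javascript:alert(document.cookie)//a',   // rejected: scheme not allowed
    'https://evil.example/phish',             // rejected: host not allowlisted
    'https://www.example.com/page?id=1',      // accepted
    '',                                       // missing header: fallback
];
foreach ($samples as $ref) {
    $back = safe_back_url($ref, 'www.example.com', '/index.php');
    // Escape at output time regardless of validation; the context decides the escaping.
    echo '<a href="' . attr($back) . '">Back</a>' . PHP_EOL;
}
```

Validation decides whether the value may be used as a URL at all; htmlspecialchars only prevents the value from breaking out of the attribute, which is why it left the javascript: payload untouched.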