Created
November 19, 2012 13:06
Gist mbjordan/4110542
HTTP Referral Masking
<?php
session_start();

/**
 * Step 1. Get the query string variable and set it in a session, then remove it from the URL.
 */
if (isset($_GET['to']) && !isset($_SESSION['to'])) {
    // PHP has already URL-decoded $_GET, so a second urldecode() would corrupt
    // targets that contain a literal '%' or '+'.
    $to = is_string($_GET['to']) ? $_GET['to'] : '';
    $scheme = parse_url($to, PHP_URL_SCHEME);
    // Accept only absolute http(s) targets, so javascript: or data: URLs never
    // reach the redirect page below.
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        http_response_code(400);
        exit('Invalid target URL');
    }
    $_SESSION['to'] = $to;
    header('Location: http://yoursite.com/path/to/ref-mask.php'); // Must be THIS script
    exit();
}

/**
 * Step 2. The page has now been reloaded, replacing the original referer with whatever this script is called.
 * Make sure the session variable is set and the query string has been removed, then redirect to the intended location.
 */
if (!isset($_GET['to']) && isset($_SESSION['to'])) {
    // Encode the target separately for each output context: a JavaScript string
    // literal inside <script>, and an HTML attribute value in the fallback link.
    $jsTo   = json_encode($_SESSION['to'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $htmlTo = htmlspecialchars($_SESSION['to'], ENT_QUOTES, 'UTF-8');
    $output = '<!DOCTYPE html>
<html>
<head>
<meta name="robots" content="none">
<title>Referral Mask</title>
</head>
<body>
<h3>Redirecting...</h3>
<script>window.location.href=' . $jsTo . '</script>
<a href="' . $htmlTo . '">Here is your link</a>
</body>
</html>' . "\n";
    unset($_SESSION['to']);
    echo $output;
    exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="robots" content="none">
<title>Referral Mask</title>
</head>
<body>
<h1>Referral Mask</h1>
<p>This resource is used to change the HTTP Referral header of a link clicked from within our secure pages.</p>
</body>
</html>
<a href="/path/to/ref-mask.php?to=[Encoded URL]">Link</a>
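The script forwards to whatever URL arrives in `to`, so any link on your domain that carries a `to` value will be honored, whether or not your pages generated it. One way to restrict it to links your own pages produced is to bind the target to an HMAC tag; this is an added example, not part of the original gist, and `REF_MASK_KEY`, `ref_mask_link()`, `ref_mask_verify()` and the `sig` parameter are hypothetical names.

```php
<?php
// Added example, not part of the original gist. All names below are hypothetical.

// Placeholder secret; in practice load a long random value from configuration.
const REF_MASK_KEY = 'replace-with-a-long-random-secret';

/** Build a masked link whose target is bound to an HMAC-SHA256 tag. */
function ref_mask_link(string $target, string $key = REF_MASK_KEY): string
{
    $sig = hash_hmac('sha256', $target, $key);
    return '/path/to/ref-mask.php?to=' . rawurlencode($target) . '&sig=' . $sig;
}

/** Return the target if it is an http(s) URL carrying a valid tag, otherwise null. */
function ref_mask_verify(array $query, string $key = REF_MASK_KEY): ?string
{
    $to  = $query['to']  ?? null;
    $sig = $query['sig'] ?? null;
    if (!is_string($to) || !is_string($sig)) {
        return null; // missing, or array-valued (?to[]=...) parameters
    }
    $scheme = parse_url($to, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // only absolute http(s) targets are allowed
    }
    // hash_equals() compares in constant time, so the tag cannot be guessed
    // byte by byte from response timing.
    return hash_equals(hash_hmac('sha256', $to, $key), $sig) ? $to : null;
}

// Constructed sample input: one link generated by the site, and the same
// query with the target swapped while the old tag is kept.
$link = ref_mask_link('https://example.org/docs?page=2');
parse_str(parse_url($link, PHP_URL_QUERY), $good);
$swapped = $good;
$swapped['to'] = 'https://other.example/';

var_dump(ref_mask_verify($good));    // the original target is returned
var_dump(ref_mask_verify($swapped)); // rejected: tag does not match the new target
```

In Step 1 of the script, `ref_mask_verify($_GET)` would replace the bare `isset($_GET['to'])` check, and pages would emit links with `ref_mask_link()` instead of building the query string by hand.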