19 Jul
2011
19 Jul
'11
8:47 p.m.
On 07/19/11 1:28 PM, Ray Leventhal wrote:
Example:http://www.domain.com/pagedoesnotexist returns the expected 404
But browse to a page that does exist, like goodpage.php, then append either a slash and some random string, or a ?=somerandomstring and the goodpage.php is still displayed.
I'll gladly provide more info, if needed. Any pointers on where to look would be truly appreciated.
your php page should examine the arguments and if there's anythign there unexpected, it should force the 404 via
{ header ('Location: '.$newReq); header ('HTTP/1.0 404 Page Not Found'); die; // Don't send any more output. }
or whatever...
--
john r pierce N 37, W 122
santa cruz ca mid-left coast