util::get_referrer (public)

 util::get_referrer [ -relative ] [ -trusted ]

Defined in packages/acs-tcl/tcl/utilities-procs.tcl

Switches:
-relative (optional, boolean)
return the refer without protocol and host
-trusted (optional, boolean)
Returns:
referrer from the request headers.

Partial Call Graph (max 5 caller/called nodes):
%3 ad_page_contract ad_page_contract (public) util::get_referrer util::get_referrer ad_page_contract->util::get_referrer ad_page_contract_handle_datasource_error ad_page_contract_handle_datasource_error (public) ad_page_contract_handle_datasource_error->util::get_referrer packages/acs-lang/www/change-locale-include.tcl packages/acs-lang/ www/change-locale-include.tcl packages/acs-lang/www/change-locale-include.tcl->util::get_referrer packages/acs-subsite/www/shared/session-update.tcl packages/acs-subsite/ www/shared/session-update.tcl packages/acs-subsite/www/shared/session-update.tcl->util::get_referrer packages/categories/lib/map.tcl packages/categories/ lib/map.tcl packages/categories/lib/map.tcl->util::get_referrer util::external_url_p util::external_url_p (public) util::get_referrer->util::external_url_p

Testcases:
No testcase defined.
Source code:
    set url [ns_set iget [ns_conn headers] Referer]
    #
    # Don't return untrusted header field when -trusted was
    # specified. An attacker might to sneak in e.g. a JavaScript URL.
    #
    if { $trusted_p && [util::external_url_p $url]} {
        ns_log warning "someone tried to sneak in an untrusted referrer '$url'"
        set url ""
    }
    if {$relative_p} {
        # In case the referrer URL has a protocol and host remove it
        regexp {^[a-z]+://[^/]+(/.*)$} $url . url
    }
    return $url
XQL Not present:
PostgreSQL, Oracle
Generic XQL file:
packages/acs-tcl/tcl/utilities-procs.xql

[ hide source ] | [ make this the default ]
Show another procedure: