PHP script can't gather the filename of the calling HTML page

Time: 2014-01-29 00:21:27

Tags: javascript php html contact-form

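I'm trying to get the mail.php script to identify the page that called the script and return the user to that page if the form doesn't validate, is empty, etc. When I click submit, it just 404s.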

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "email@email.com";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email'];
$comments = $_REQUEST['comment'];
$fname = $_REQUEST['first-name'];
$lname = $_REQUEST['last-name'];
$filename = debug_backtrace();
$page = $filename[0]['file'];

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
    $injections = array('(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str)) {
        return true;
    }
    else {
        return false;
    }
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
    header( "Location: $page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($comments) || empty($fname)) {
    echo "<script type=\"text/javascript\">window.alert('Please fill in the required fields.');
    window.location.href = $page;</script>";
    exit;
}

// If email injection is detected, redirect to the error page.
elseif (isInjected($email_address)){
    echo "<script type=\"text/javascript\">window.alert('Please, Try Again.');
    window.location.href = $page;</script>";
    exit;
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {
    mail("$webmaster_email", "Feedback Form Results", $comments, "From: $email_address");
    echo "<script type=\"text/javascript\">window.alert('Thank You for contacting us!');
    window.location.href = $page;</script>";
    exit;
}
?>

1 answer:

Answer 0: (score: 1)

There is no need for debug_backtrace(). To get the referring page, you can replace this:

$filename = debug_backtrace();
$page = $filename[0]['file'];

With this:

$page = $_SERVER['HTTP_REFERER'];

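However, $_SERVER['HTTP_REFERER'] is unreliable according to the PHP documentation:

This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.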

So another solution is to add an extra field to the referring form and retrieve it in the PHP script, e.g.

<input name="referrer" type="hidden" value="<?php echo $_SERVER['PHP_SELF'];?>"/>

Then:

$page = $_REQUEST['referrer'];
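
The hidden `referrer` field in the answer above is supplied by the client, just like HTTP_REFERER, so one way to use it is to accept only the site's own known form pages before it reaches `header()` or an inline script. This is an added example, not code from the question or the answer; `safe_return_page`, the allow-list and the `/contact.html` and `/feedback.html` paths are assumptions.

```php
<?php
/**
 * Hypothetical helper: map a client-supplied return page onto an allow-list.
 * The result is always an entry of $allowed_pages or $default, never the raw input.
 */
function safe_return_page($candidate, array $allowed_pages, $default)
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    $parts = parse_url($candidate);
    // A scheme or host (including the "//host/..." form) points off-site.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
        || !isset($parts['path'])) {
        return $default;
    }
    // Compare the path only; any query string or fragment is dropped.
    $index = array_search($parts['path'], $allowed_pages, true);
    return $index === false ? $default : $allowed_pages[$index];
}

$allowed_pages = array('/contact.html', '/feedback.html'); // constructed sample list
$default_page  = '/contact.html';                          // assumed fallback page

// Constructed inputs: what is accepted and what falls back to the default.
$samples = array(
    '/feedback.html',
    '/feedback.html?sent=1',
    'https://other.example/',
    '//other.example/feedback.html',
    "/contact.html\r\nX-Extra: 1",
    "'/contact.html",
);
foreach ($samples as $s) {
    printf("%-36s => %s\n", json_encode($s),
        safe_return_page($s, $allowed_pages, $default_page));
}

// In mail.php the hidden field would be read and validated once:
$raw  = isset($_POST['referrer']) ? $_POST['referrer'] : null;
$page = safe_return_page($raw, $allowed_pages, $default_page);

// For the direct-access branch: header('Location: ' . $page); exit;
// For the alert-then-redirect branches, emit the value as a JS string literal:
$js_page = json_encode($page, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
echo "<script>window.location.href = $js_page;</script>\n";
```

On the form side, the value written into the hidden field should be escaped for HTML as well, for example with `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`.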