Is this the best way to do this?

Square1

Hi all:

I am redirecting to a 404 page using .htaccess. On that 404 page I have a phpmailer sending me an email that there is a bad link on the page they just came from:

$body = "Something on ".htmlentities($_SERVER['HTTP_REFERER'])." is not working";

Is this the most efficient way to do this?

Thanks!

bradgrafelman

I'm confused; your thread title references security yet your only question seems to be about efficiency. The two topics are rather orthogonal, so I'll just go with the actual question...

For one, note that the 'Referer' header is completely optional and can even be intentionally disabled by user preference or simply stripped/filtered by intermediate gateways/proxies.

Instead, I would use $_SERVER['REDIRECT_URL'], something that should be set assuming your webserver is Apache and you've used the 'ErrorDocument' directive to handle 404 errors.

EDIT: Woops, missed the point that you're trying to get the page before the error. In that case, ignore the last bit about $_SERVER['REDIRECT_URL'] and simply know that you may get e-mails with no values for the referring URL.

Square1

I have been so hung up with security issues that I inadvertantly wrote that at first in the subject.

Your solution gives me different variable than my original way. If I have "MySite/test.php" with a link on that page pointing to "/misspelledPage.php?foo=bar" my way will show "test.php", the actual page with the problem link on it. Your way will show "misspelledPage.php". Actually finding both of these is probably the answer. The bad link and the page it is on.