Warning in header function

Question

I have the following piece of code

if ($_REQUEST['referer_url'] == "" ) {
  header("location: index.php");
  exit;
}
header('location: http://' . $_REQUEST['referer_url']);
exit;

And I get the error Warning: Header may not contain more than a single header, new line detected. This is because in the header it adds a new line. I tried doing an urlencode like suggested here on stackoverflow, but it redirect me to a server not found error with an odd url containing an undefined index within the url. What else can I try in order to maintain the $_REQUEST['referer_url']

Possible duplicate of http://stackoverflow.com/questions/8954971/cant-redirect-with-lot-of-variable-header-may-not-contain-more-than-a-single-h — Noman Ghani, May 07 '14 at 07:16
`var_dump($_REQUEST['referer_url'])` - what do you get? Also, which of the two `header` calls produces the warning? — deceze, May 07 '14 at 07:16
@HeroFTime same thing with `rawurlencode` - server not found... — Adrian, May 07 '14 at 07:17
@deceze I get `string(133) " Notice: Undefined index: referer_url in /home/bartechc/public_html/admin/login.php on line 105 " ` — Adrian, May 07 '14 at 07:18
That is bizarre! Do you have some weird custom error reporting settings?! Anyway, it gives you a hint as to the error, right? Try with properly capitalised array indices. See `var_dump($_REQUEST)`. — deceze, May 07 '14 at 07:20
HTTP uses line feeds to separate headers (and headers from body) thus a header value cannot contain a line feed. And you shouldn't inject raw input from untrusted sources in HTTP headers (or in SQL, HTML, JavaScript...) anyway. — Álvaro González, May 07 '14 at 07:21

score 1 · Accepted Answer · answered May 07 '14 at 07:19

1

Try this:

$redirect_url = isset($_SERVER['HTTP_REFERER']) && 
                !empty($_SERVER['HTTP_REFERER']) ?
                    $_SERVER['HTTP_REFERER'] : 'index.php';
header("Location: $redirect_url");
exit;

answered May 07 '14 at 07:19

Latheesan

23,247
32
107
201

score 0 · Answer 2 · answered May 07 '14 at 07:27

First need to check what you get in $_REQUEST['referer_url'] if you have full url then remove http:// from condition if blank it will be redirect to index.php try

$redirect = (!empty($_REQUEST['referer_url']) ? 'http://'.$_REQUEST['referer_url'] : 'index.php');
header("location: $redirect");
exit;

score 0 · Answer 3 · answered May 07 '14 at 07:30

0

Ever tried just to trim the referer?

http://php.net/trim

$myRefererUrl = trim($_REQUEST['referer_url']);    
header('location: '.(($myRefererUrl=='')?'index.php':$myRefererUrl));
exit;

With trim, you get rid of line breaks in strings ;)

answered May 07 '14 at 07:30

Paladin

1,637
13
28

score -1 · Answer 4 · answered May 07 '14 at 07:19

-1

Try encoding your URL first and it should work fine: http://php.net/manual/en/function.rawurlencode.php

answered May 07 '14 at 07:19

rajppari

54
6

Tried it and it redirect me to server not found + error. – Adrian May 07 '14 at 07:19

Warning in header function

4 Answers4