PHP主题切换器使用cookie [英] PHP Theme Switcher using a cookie

问题描述

我想要一个简单的方法更新我的网站CSS更广泛的可访问性。

I want a simple way to update my sites CSS for broader accessibility.

我发现这个，它看起来很有前途： http://php.about.com/od/finishedphp1/ss/css_switcher.htm

I found this and it looks promising: http://php.about.com/od/finishedphp1/ss/css_switcher.htm

这是它建议的PHP代码：

This is the PHP code it recommends:

index.php

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Theme Test</title>
<link rel="stylesheet" type="text/css" href="<?php echo (!$style)?'normal':$style ?>.css" />
</head>

<body>

 <form action="changestyle.php" method="post">
 <select name="choice">
 <option value="classic" selected>Classic View</option>
 <option value="holiday">Holiday View</option>
 <option value="normal">Normal View</option>
 </select>
 <input type="submit" value="Go">
 </form>

</body>
</html>

changestyle.php

changestyle.php

<?php 
 $Year =31536000 + time();
 setcookie ('style', $choice, $year);
 header("Location: $HTTP_REFERER"); 
 ?>

但是，由于样式表变量'style'显然未声明，因此失败。

However this fails as the stylesheet variable 'style' is apparently undeclared.

我缺少一些基本的东西？

Am I missing something basic?

推荐答案

它会对XSS漏洞开放，它甚至不会给你完整的工作代码！

That tutorial is far from promising, aside from the fact that it's open to XSS vulnerabilities it doesn't even give you complete working code!

尝试这个大小...

index.php

index.php

<link rel="stylesheet" type="text/css" href="<?php echo (!isset($_COOKIE['style'])?'normal':$_COOKIE['style']) ?>.css" />

changestyle.php

changestyle.php

<?php
$year = 31536000 + time();
setcookie('style', $_POST['choice'], $year);
header('Location: index.php');
exit();

这不会解决你的XSS问题（即有人改变'choice'

This won't solve your XSS problem (i.e. somebody changing the value of 'choice' to insert nasty code on your page) but should at least get it working.

为了参考，我会在index.php中检查cookie是否匹配硬编码的列表值，而不仅仅是回应值，因为任何人都可以更改此值（请参阅什么是Cross网站脚本和如何修复它？）。

For reference I would do a check in index.php to check the cookie matches a list of hard-coded values rather than just echo'ing out the value as anyone can change this (see What is Cross Site Scripting and How Can You Fix it?).

这篇关于PHP主题切换器使用cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！