I need to determine whether or not a page is passing a form to our internal site. We need to redirect if the page comes from an outside domain.
A coworker came up with this code:
<cfif isDefined("form")>
    <cfif not findnocase("our_domain", http_referer)>
        <cflocation url="redirect_link">
    </cfif>
</cfif>
I don't think he is using isDefined() properly because isDefined() looks for a variable. We need to look for the form itself. I've also looked into structKeyExists(), but again, this looks for variables within the form. How can I look for the form itself?
There are two ways. You can check CGI.REQUEST_METHOD to check for whether a POST is being sent.
You can also check structKeyExists(form,"fieldNames") which will only be the case when a form has actually been submitted.
Although not in the question, I'd also avoid referencing http_referer without a scope. Use CGI.http_referer as it's easier to read. You could also combine the test for FORM and the external referer into one statement:
<cfif structKeyExists(form,"fieldNames") AND NOT findnocase("our_domain", CGI.http_referer)>
    <cflocation url="redirect_link">
</cfif>
Also, you know that the redirect won't carry any of the form fields over with it? I'm guessing that's what you want, but it's worth mentioning.
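A stricter variant of the combined check, added here as an example and not part of the original answer: findnocase() matches "our_domain" anywhere in the referer string (another host name, a path or a query string), so this version parses the host out of the header and compares it exactly against a list. The function name refererHost, the allowedHosts values and the choice to treat a missing or unparseable referer as external are assumptions.

```cfml
<!--- Added example. refererHost and allowedHosts are hypothetical names;
      the host names are placeholders for the internal site's real ones. --->
<cffunction name="refererHost" returntype="string" output="false"
            hint="Lower-cased host of a URL, or an empty string if it is missing or unparseable.">
    <cfargument name="referer" type="string" required="true">
    <cfset var host = "">
    <cfif len(trim(arguments.referer)) EQ 0>
        <cfreturn "">
    </cfif>
    <cftry>
        <!--- java.net.URL throws MalformedURLException on input it cannot parse --->
        <cfset host = createObject("java", "java.net.URL").init(trim(arguments.referer)).getHost()>
        <cfcatch type="any">
            <cfreturn "">
        </cfcatch>
    </cftry>
    <cfreturn lCase(host)>
</cffunction>

<!--- Exact host names that count as "our domain" (placeholders) --->
<cfset allowedHosts = "www.example.com,intranet.example.com">

<!--- Only act on real form submissions: POST request and form.fieldNames present --->
<cfif CGI.request_method EQ "POST" AND structKeyExists(form, "fieldNames")>
    <!--- An empty host never matches a list element, so a missing
          referer is redirected like an external one (assumption) --->
    <cfif NOT listFindNoCase(allowedHosts, refererHost(CGI.http_referer))>
        <cflocation url="redirect_link" addtoken="false">
    </cfif>
</cfif>
```

The Referer header is supplied by the client and can be absent or set to any value, so this check filters ordinary cross-site submissions but does not prove where a request came from.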