php-$_SERVER [‘HTTP_USER_AGENT’]可以包含”符号吗?
作者:互联网
我想知道$_SERVER [‘HTTP_USER_AGENT’]是否可以用而不是空格输出用户代理.我看到我的网站的投票系统正在使用用户代理中的加号进行很多投票,例如:
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:33.0)+Gecko/20100101+Firefox/33.0
Mozilla/5.0+(Windows+NT+5.1;+U;+en)+Presto/2.10+Version/11.60
我怀疑这是欺骗用户代理的某种作弊软件,但是做错了.这是真的吗,或者用户代理真的可以这样吗?
解决方法:
您已经看到用户代理标头看起来像这样,因为它们看起来像这样. ;)但是,真正的Mozilla浏览器不会将替换为.您可以确定这不是Mozilla浏览器.
但是HTTP standard怎么说呢?
The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. The field can contain multiple product tokens (section 3.8) and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application.
让我们看一下第3.8节
Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white space. By convention, the products are listed in order of their significance for identifying the application.
首先,该标准将其定义为应由客户端发送,这意味着完全没有必要.另一方面,第3.8节建议使用空格来分隔各个要素.但是没有真正标准化的东西.版本号可能看起来像CoolBrowser2.也允许评论.
标签:user-agent,php 来源: https://codeday.me/bug/20191120/2041945.html