I am reading a script but am stuck on understanding this:

$redirect = base64_decode($_REQUEST['redirect']);
header("Location:$redirect");exit;

because the redirect variable in REQUEST isn't defined anywhere in the script. Prior to this a POST form has been filled in, but there is NO mention of the redirect variable anywhere in the script so I am confused how it is not empty...

EDIT:

Here's the form code below. BTW, like I said, the word 'redirect' doesn't appear ANYWHERE in the script, which is what is confusing me.

        <form name="login" action="{$baseurl}/login" method="post">
            {$lang12}
            <input type="text" name="username" />
            {$lang11}
            <input type="password" name="password" />
            <input type="submit" value="{$lang18}" />
            <div class="test"><a href="{$baseurl}/signup"><b>{$lang30}</b></a> - <a href="{$baseurl}/password">{$lang19}</a></div>
            <input type="hidden" name="authenticate" value="1" />
        </form>
        </div>

The $lang stuff is commonly appearing words from an array, e.g login, etc.

+1  A: 

$_REQUEST

An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE.

So if you have $_POST['redirect'], $_GET['redirect'] or $_COOKIE['redirect'], $_REQUEST['redirect'] will be defined. Try to put:

var_dump($_POST['redirect']);
var_dump($_GET['redirect']);
var_dump($_COOKIE['redirect']);

To find out where it's coming from.

NullUserException
I'm talking about the redirect variable in the request array. How is that always defined? And what is its initial value if so?
David Willis
$_REQUEST['redirect'] should not be defined, not that $_REQUEST should not be defined.
Rupert
David we need to see your form's markup in order to debug your issue
Eton B.
@David Answer updated. And please post your form's markup
NullUserException
I have updated the question. I will attempt the var dump, thank you.
David Willis
+1  A: 

I don't think this is possible to answer for certain without seeing the actual code but $_REQUEST holds all the variables in $_GET, $_POST and $_COOKIE.

A form can actually populate both $_GET and $_POST if its method is set to 'post' and its action is a url with url encoded variables. Thus the form might be posting all of its data to a url and then adding get variables to the end of that url. For example:

<form method='post' action='example.php?var=test'>
    <input name='var2' id='var2' />
</form>

If that form were submitted, the following would be defined: $_POST['var2'], $_GET['var'], $_REQUEST['var2'], $_REQUEST['var'].

$_COOKIE could also be putting hidden variables in $_REQUEST.

Rupert
A: 

There is a strong possibility that the redirect variable is a cookie, if you cannot find it in the form.

var_dump($_REQUEST);

That will list all your input variables associated with POST, GET and COOKIES.

Swing Magic
A: 

If it's not empty what's the content of it?

I think it should be something like this...

$redirect = base64_decode($_GET['redirect']);
// Redirect only when a non-empty target was supplied
if (!empty($redirect)) {
    header("Location: $redirect");
    exit;
}

It doesn't matter that it's not in the script, you can set it via GET, eg /yourform.php?redirect=index.php

Is it causing unwanted redirection?

Webarto
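
An added example, not part of the original thread or the asker's script: it reports which request source supplies a key that appears in $_REQUEST, and decodes the base64 redirect target while accepting only same-site paths, since the value is set by whoever builds the URL, form or cookie. The function names, the fallback path and the sample request are assumptions made for this illustration.

```php
<?php
// Report which request source(s) carry $key; $_REQUEST merges these by default.
// Hypothetical helper, takes the arrays as arguments so it can run offline.
function find_request_sources(string $key, array $get, array $post, array $cookie): array
{
    $sources = [];
    foreach (['GET' => $get, 'POST' => $post, 'COOKIE' => $cookie] as $name => $values) {
        if (array_key_exists($key, $values)) {
            $sources[] = $name;
        }
    }
    return $sources;
}

// Decode the base64 target and accept it only if it is a local path.
// Falling back to "/" for anything else is a choice made for this example.
function safe_redirect_target(?string $encoded, string $fallback = '/'): string
{
    if ($encoded === null || $encoded === '') {
        return $fallback;
    }
    $target = base64_decode($encoded, true); // strict mode: false on invalid input
    if ($target === false || $target === '') {
        return $fallback;
    }
    // Reject control characters (CR/LF in headers) and backslashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }
    // Allow "/account" but not "//host/..." or "https://host/...".
    if ($target[0] !== '/' || (isset($target[1]) && $target[1] === '/')) {
        return $fallback;
    }
    return $target;
}

// Constructed sample request: a POST form whose action URL carries ?redirect=...
$get    = ['redirect' => base64_encode('/account')];
$post   = ['username' => 'demo', 'password' => 'demo', 'authenticate' => '1'];
$cookie = [];

echo implode(',', find_request_sources('redirect', $get, $post, $cookie)), "\n";
echo safe_redirect_target($get['redirect']), "\n";
echo safe_redirect_target(base64_encode('https://example.org/')), "\n";
echo safe_redirect_target(base64_encode('//example.org/')), "\n";
```

In a live script the calls would be find_request_sources('redirect', $_GET, $_POST, $_COOKIE) and header('Location: ' . safe_redirect_target($_GET['redirect'] ?? null)).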