$_SERVER['HTTP_USER_AGENT'] 可以包含 '+' 符号吗?
Can $_SERVER['HTTP_USER_AGENT'] contain '+' symbol?
我想知道 $_SERVER['HTTP_USER_AGENT'] 是否可以使用 a + 而不是 space 输出用户代理。我在我的网站的投票系统中看到很多选票,在用户代理中使用加号,例如:
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:33.0)+Gecko/20100101+Firefox/33.0
Mozilla/5.0+(Windows+NT+5.1;+U;+en)+Presto/2.10+Version/11.60
我怀疑这是某种欺骗用户代理的作弊软件,但操作不当。这是真的吗,或者用户代理真的可以像这样吗?
你已经看到 user-agent headers can 看起来像这样,因为它们看起来像这样。 ;) 但是,real Mozilla 浏览器不会用 + 替换空格。您可以确定这不是 Mozilla 浏览器。
但是 HTTP standard 是怎么说的?
The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. The field can contain multiple product tokens (section 3.8) and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application.
让我们看看第 3.8 节
Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white space. By convention, the products are listed in order of their significance for identifying the application.
首先,标准将其定义为SHOULD 由客户端发送,这意味着根本没有必要。另一方面,第 3.8 节建议使用空格来分隔各个特征。但没有什么是真正标准化的。版本号可能类似于 CoolBrowser2+。也允许评论。
HTTP_USER_AGENT 和通过 $_SERVER 传递的其他数据的标准格式通常是由 </code> 分隔的一系列单词,即 <code>%20 URL编码。无论如何,这是一个标准,一种约定,user_agent 只是一种信息文本,而不是代码或语言:尽管如此,所有 'normal' 浏览器都会发送一个 HTTP_USER_AGENT要求遵守标准。如果您以一种奇怪的格式很好地看到它,那么有人可能会以您的费用在您的网站上进行实验...
我想知道 $_SERVER['HTTP_USER_AGENT'] 是否可以使用 a + 而不是 space 输出用户代理。我在我的网站的投票系统中看到很多选票,在用户代理中使用加号,例如:
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:33.0)+Gecko/20100101+Firefox/33.0
Mozilla/5.0+(Windows+NT+5.1;+U;+en)+Presto/2.10+Version/11.60
我怀疑这是某种欺骗用户代理的作弊软件,但操作不当。这是真的吗,或者用户代理真的可以像这样吗?
你已经看到 user-agent headers can 看起来像这样,因为它们看起来像这样。 ;) 但是,real Mozilla 浏览器不会用 + 替换空格。您可以确定这不是 Mozilla 浏览器。
但是 HTTP standard 是怎么说的?
The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. The field can contain multiple product tokens (section 3.8) and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application.
让我们看看第 3.8 节
Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white space. By convention, the products are listed in order of their significance for identifying the application.
首先,标准将其定义为SHOULD 由客户端发送,这意味着根本没有必要。另一方面,第 3.8 节建议使用空格来分隔各个特征。但没有什么是真正标准化的。版本号可能类似于 CoolBrowser2+。也允许评论。
HTTP_USER_AGENT 和通过 $_SERVER 传递的其他数据的标准格式通常是由 </code> 分隔的一系列单词,即 <code>%20 URL编码。无论如何,这是一个标准,一种约定,user_agent 只是一种信息文本,而不是代码或语言:尽管如此,所有 'normal' 浏览器都会发送一个 HTTP_USER_AGENT要求遵守标准。如果您以一种奇怪的格式很好地看到它,那么有人可能会以您的费用在您的网站上进行实验...