htaccess Replace all special characters in query string - php

I have a URL like below:
https://example.com/en/search/result?keys=test"><script>alert('helloworld')</script>
I need to replace special characters with their respective URL Encodings like below:
& → %26
< → %3C
> → %3E
" → %22
' → %27
( → %28
) → %29
So the URL will essentially become like this:
https://example.com/en/search/result?keys=test"%3E%3Cscript%3Ealert%28%27helloworld%27%29%3C/script%3E
Is there any way to escape special characters in query string?
I used this to replace tags but all it does is remove the tags.
RewriteCond %{QUERY_STRING} ^keys=(.*)("\>)(\<|%3C).*script.*(\>|%3E) [NC]
RewriteRule ^ %{REQUEST_URI}?keys=%1 [B,L,R]
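An added example, not part of the original question: the characters listed above can be encoded by the PHP code that handles keys, using htmlspecialchars() when the value is written into HTML and rawurlencode() when it is put back into a URL. The helper names render_search_heading() and search_link() are hypothetical, and the sample value is taken from the question's URL.

```php
<?php
// Added example: encode the `keys` parameter at the point where it is used.
// render_search_heading() and search_link() are hypothetical helper names.

// HTML context: &, <, >, " and ' become entities, so the value is
// displayed as text instead of being parsed as markup.
function render_search_heading(string $keys): string
{
    $safe = htmlspecialchars($keys, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Results for "' . $safe . '"</h1>';
}

// URL context: rawurlencode() percent-encodes every byte except
// A-Z a-z 0-9 - _ . ~ (the RFC 3986 unreserved characters).
function search_link(string $keys): string
{
    return '/en/search/result?keys=' . rawurlencode($keys);
}

// Constructed sample input: the value from the question's URL.
// In a request handler this would be $_GET['keys'] ?? ''.
$keys = 'test"><script>alert(\'helloworld\')</script>';

echo render_search_heading($keys), "\n";
echo search_link($keys), "\n";
```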

Related

htaccess Rewrite rule to accept Hindi characters

I have a link like this
www.example.com/profile.php?name=sagar123
I used this rule:
RewriteRule ^profile/([a-zA-Z0-9_-]+)$ profile.php?name=$1 [L]
and now I can change my URL to this:
www.example.com/profile/sagar123
everything is fine but, now I want to use Hindi language characters also like this
www.example.com/profile.php?name=सागर (It's working fine)
www.example.com/profile/सागर (It is not working and showing Server error)
Please help me to write a rule or regex to accept all ([a-zA-Z0-9_-]+) and also Hindi Character.
Thanks and regards,
Hindi chars fall in the \u0900-\u097F range, so you can use this inside a character class.
To answer your question, most regexes (PCRE) do not support the \u notation and support the format \x{900}
([\x{900}-\x{97F}a-zA-Z0-9_-]+)$
In Python \u is supported, so:
([\u0900-\u097Fa-zA-Z0-9_-]+)$
see this for regex matching demonstrating both English and Hindi chars getting matched.
Also, see this for reading literal Hindi chars mapped to their hex values.
Use the (.*) regex class to match any type of character.
Also, you don't need the + operator at the end in your capturing ( and ) parens, as you're using ^ to indicate the beginning of the URL line, and $ to indicate its end, so a + greedy operator doesn't get you anything extra.
It should look like...
RewriteRule ^profile/(.*)$ profile.php?name=$1 [L]
If you need further info, I recommend taking a look at Apache.org: Apache mod_rewrite Introduction. They cover most of the characters I've discussed in this post up to this point: ., (, ), +, etc.
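An added example, not from either answer: when a rule such as ^profile/(.*)$ passes any characters through, profile.php can apply the allowlist itself. It assumes PHP's PCRE with Unicode support; is_valid_profile_name() and the 64-character limit are hypothetical.

```php
<?php
// Added example: allowlist check for the `name` parameter inside profile.php.
// is_valid_profile_name() is a hypothetical helper; the 64-character limit
// is an assumption, not a value from the page.

function is_valid_profile_name(string $name): bool
{
    // /u makes PCRE treat pattern and subject as UTF-8, so \x{900}-\x{97F}
    // covers the Devanagari block. With /u, preg_match() returns false for
    // a subject that is not valid UTF-8, which the === 1 test also rejects.
    // \A and \z anchor at the absolute start and end of the string; unlike $,
    // \z does not match before a trailing newline.
    return preg_match('/\A[\x{900}-\x{97F}a-zA-Z0-9_-]{1,64}\z/u', $name) === 1;
}

// Constructed sample inputs: two valid names, a trailing newline,
// markup characters, and an invalid UTF-8 byte sequence.
$samples = ['sagar123', 'सागर', "sagar\n", 'sagar<script>', "\xC3\x28"];

foreach ($samples as $s) {
    // rawurlencode() is used only to print arbitrary bytes safely.
    printf("%-45s %s\n", rawurlencode($s), is_valid_profile_name($s) ? 'accept' : 'reject');
}
```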

How to add .htaccess redirect to external domain with special characters

In my case when I try to redirect a URL with special characters automatically the special characters removed.
How to add a redirect in this case.
From URL
www.domain1.com/blog/test-blog
To URL
www.domain2.com/test%3a-test1%2a
This is my redirect code
RewriteRule ^blog/test-blog?$ https://domain1.com/test%3a-test1%2a [R=301,L]
But the special characters in the URL %3 and %2 got removed.
You need to escape % in the target, otherwise it is treated as a back-reference to capture groups in RewriteCond. Moreover, you will have to use the NE flag to avoid escaping % in the target URL.
RewriteRule ^blog/test-blog/?$ https://domain2.com/test\%3a-test1\%2a [R=301,L,NE,NC]

How to allow 1-9 a-z A-Z - _ % in url via htaccess?

I want to allow in url (1-9 , a-z, A-z, -, _ , %)
I have below code in htaccess
RewriteRule ^shop/search/([a-zA-Z0-9_-]+)/?$ shop.php?search=$1 [QSA,NC]
Issue : when space is passed in url
Example
domain.com/shop/search/my%20keyword
It is not working
Basically I want to allow % in url via htaccess
How to do it?
... it is matched against the (%-decoded) URL-path of the request ...
source, emphasis mine.
mod_rewrite never sees the %, it decodes the %20 to a space. If you want to accept %20 in the URL then add space to the character class.
Basically I want to allow % in url via htaccess. How to do it?
You can use this rewrite rule with negative character class:
RewriteRule ^shop/search/([^/]+)/?$ shop.php?search=$1 [QSA,NC,L]
[^/]+ will match 1 or more of any character that is not / hence it will match whitespace or any other decoded character also that you want to match.

Using .htaccess to make fancy URLs with a wide variety of characters

I'm wanting to make a URL look pleasing to the eye.
from
/index.php?a=grapes
to
/grapes
Although, I'm having a few problems. I wanted a to have a wider variety of characters like a-z A-Z 0-9 / _ - . [ ].
from
/index.php?a=Grapes.Are.Green/Red[W4t3r-M3l0n_B1G_Gr4p3]
to
/Grapes.Are.Green/Red[W4t3r-M3l0n_B1G_Gr4p3]
In the index.php file I have
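<?php
// Read the rewritten parameter; default to an empty string when it is absent.
$a = $_GET["a"] ?? "";
// HTML-encode before echoing so markup in the URL is printed as text.
echo htmlspecialchars($a, ENT_QUOTES, "UTF-8");
?>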
just to test the URL is working correctly.
Right now what I have in .htaccess
RewriteEngine On
RewriteRule ^([a-zA-Z0-9/_]+)?$ index.php?a=$1
only accepts a-z A-Z 0-9 / _.
If I add - into the square brackets and have it as one of the characters which a equals I get the 404 error.
If I add . into the square brackets I get index.php outputted.
If I add [ or ] I get the 404 error.
If anyone has a solution I'd love to see it. Also, if anyone has time please could you explain each part of the RewriteRule saying what the part does. Thanks!
The problem is that some of your character are "special":
Special characters:
. (full stop) - match any character
* (asterisk) - match zero or more of the previous symbol
+ (plus) - match one or more of the previous symbol
? (question) - match zero or one of the previous symbol
\? (backslash-something) - match special characters
^ (caret) - match the start of a string
$ (dollar) - match the end of a string
[set] - match any one of the symbols inside the square braces.
(pattern) - grouping, remember what the pattern matched as a special variable
So if you want to use them in a URL, you have to escape them.
For example
.s?html? matches ".htm", ".shtm", ".html" or ".shtml"
RewriteEngine On
RewriteRule ^(.*)$ index.php?a=$1 [QSA]
The [QSA] thing at the end is what made it work :) Thanks to jedwards for suggesting to use ^(.*)$ which accepts all characters.

.htaccess rewrite rule won't allow ' and #

I have a rewrite rule that rewrites domain.co.uk/member.php?x=$member to domain.co.uk/$member
It looks like this:
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)$ member.php?x=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ member.php?x=$1
I've tried to just add ' and # to the square brackets but then I get a 500 internal server error. I need these characters for people's usernames.
How do I do this?
# is used to specify user and password in a URI string like this:
http://user:passw...#host/path.
You need to urlencode it: %40
Your path will be: /user%40foo.com or something like this
This should work
From RFC 1738:
The characters ";", "/", "?", ":",
"#", "=" and "&" are the characters
which may be reserved for special
meaning within a scheme. No other
characters may be reserved within a
scheme.
and:
Thus, only alphanumerics, the special
characters "$-_.+!*'(),", and
reserved characters used for their
reserved purposes may be used
unencoded within a URL.
What you should do:
Encode the '#' to %40.
Escape the single quote in the .htaccess like so: \'
