I'm developing a PHP site which I take parameters and I process its data according by the given parameters, however I'm having a bit of a problem with a specific URL query, looking at this What do a question mark (?) and an ampersand (&) mean in a URL? I understood a bit more how parameters works, but I still need to know what's causing the issue.
the url in question is: http://mydomain.xyz/load.php?char=HellHound&Platform=Win32NT&id=ab38df8h3ff&host=http://mydomain.xyz/
the host parameter, is not getting parsed by PHP, and is instead getting thrown as a (Access Denied) 403 error, I have spoken to my web host and they claim it's not an issue with the actual server or the file system, but with the development itself, so here I am.
How can I process this parameter so it doesn't defaults to 403 every single time?
This is the code in load.php (right now it's just a place holder)
<?php
var_dump($_GET['host']);
//var_dump($_GET['char']);
//var_dump($_GET['Platform']);
//var_dump($_GET['id']);
//echo "success";
?>
Whenever I try to use var_dump() or anything similar it won't just process the content it will automatically redirect to 403
Related
Have a program written, working well, using $_GET parameters, submitted from a form, to load a query a file in SQL, displaying the results.
Currently migrating the program into the Wordpress framework and am running into some strange behaviour.
Although the page loads well with no parameters, attempting to invoke the php parameters in the standard way, the page has no idea what is going on, and returns a 404 error.
URL's sent to broswer look like
"home/program/?parameter1=1 & paraemeter2 =2...etc for up to 28 parameters"
-> 404 error.
Strangely, the browser can be made to at least recognize the page by adding a '$' before parameter1; however, parameter1 no longer behaves properly.
"home/program/?$parameter1=1 & paraemeter2 =2...etc"
-> parameters after the first work as expected
What could explain Wordpress's reluctance to interpret the code in the standard way?
What effect is the "$" having?
The first parameter name was "artist", but this apparently caused some conflict with some already-used or reserved word somewhere in the vastness of wordpress and associated theme.
changing every instance of "artist" with "producer" (in the code, and all the database tables and stored procedures) cleared up the problem :).
One semi-comprehensible error message could have avoided a lot of angst.
Thanks for the consideration
This question already has an answer here:
Friendly URLs in PHP
(1 answer)
Closed 1 year ago.
I am used to SEND all sorts of requests to 'foreign' URLs or to my Website Server URL and receive responses and such.
And thus, i am used to receive requests as well.
BUT
Only if it targets a PHP file like so : http://www.example.com/file.php
In order for a core part of my future website feature to work, i need to be able to listen to a GET request made to a "blank" url like so : http://www.example.com/blank/?key1=value1&key2=value2
Is there a way to 'run' a PHP script whenever this URL is called ? Even if it is not targeted directly in the request ? Any other script ?
I'm kinda ignorant when it comes to server-side mecanisms.
EDIT :
I have tried to create a file.PHP with the following :
$key1 = $_GET['key1'];
$key2 = $_GET['key2'];
echo "$key1 and $key2";
but response is 403 (forbidden)
EDIT2 : To my moderator : the question linked is not the exact same question as mine. He asks to hide the file extension, i ask how to target a directory. Even if the answer has the same source (htaccess) it is not the same thought process.
Further more, my title explicitely mentions requests (hence the tags API and ESI) and not only the php subject.
In general: Yes but how to do it exactly depends on your web server software. For Apache for example, you can use a .htaccess file to create rewrite rules to make paths matching a certain pattern (e.g. /blank/<whatever>) behave as if they were another path (e.g. /blank.php).
But in your case where you actually have /blank/ as "directory", there is an even simpler way: Put an index.php file into the directory.
It's an almost universal convention that if a directory is specified in the URL (without specific filename), the server will look for an index.php file (or index.html, but your question was about PHP in particular) in the directory and direct the request there.
I am trying to implement some php on an Apache 2+ Server which I do not have root access of. One script has to receive variables in a URL, but the API, that sends me the data, generates a URL-String with a # character in it.
The URL in Question would look like this:
http://website.name.com/script.php#foo=1&bar=2
Is there any way for the foo and bar variables to reach the script.php? I've read in other answers that everything after # doesn't get parsed by the server, so I tried to use an .htaccess file with a RewriteRule to replace the hashtag, but I was unable to create a working RegEx command.
No, the thing isn't that it isn't parsed by the server, the issue is that it's never being sent to the server. Everything after # is a local anchor, and is only available inside the current browser context (so Javascript would be able to read it, as it runs in the current browser context).
Since it's never sent to the server, you can't rewrite it or read it (since it doesn't exist) on the server side.
What you can do, is create a small bit of Javascript on the resulting page in script.php, and then submit that back to the server side - either through a redirect or through a fetch or xmlhttprequest.
To recreate the request as a GET request with the same parameters as given in the local anchor, you can use location.hash and remove the #:
location.href = 'realscript.php?' + location.hash.substring(1);
.. but I would consider parsing the hash yourself and then doing whatever is necessary in Javascript explicitly instead of redirecting like that.
I am having a small trouble with mod rewrite. A friend of mine is writing a script that allows you to upload images.
What we want to do is allow the user to append a domain name to a direct image link, and the script would retrieve the image from the supplied URL.
For example, if the image is at: http://www.test.com/image.jpg, adding domain.com/http://www.test.com/image.jpg would allow a script to retrieve that url (test.com) to get the image we want.
EDIT: HTTP is in front of the URL because I don't want the user to have to remove the HTTP manually. They see an image in their browser, they append "domain.com" before it, http and all and the script retrieves that image and stores it on our server.
The rule I am using is:
RewriteRule ^([\w|.|/]+(jpg|png|gif))$ /upload.php?url=http://$1 [B,L,NC,R=302]
this correctly matches URLs but the colon in http:// causes problems.
If the user inputs: domain.com/www.test.com/image.jpg, it works.
If the user inputs: domain.com/http://www.test.com/image.jpg, it doesn't work and I get a 403 forbidden page (XAMPP on Windows).
If the user inputs: domain.com/http//www.test.com/image.jpg, it works (no colon in http).
EDIT: By working, I mean if I test it locally, I get to see the URL I pass in a $_GET['url'] parameter correctly, instead of seeing an error 403.
Can you please tell me what is wrong with this rule and how to fix it? Or any alternative solutions to achieve the behavior we want?
Thank you.
Well, I think I've found the problem. It wasn't the regex, nor mod_rewrite itself.
So it's a bug in Apache on Windows that has been declared WONTFIX.
For reference, see this StackOverflow thread: and this bug report
I'm posting what I found and will consider this question answered. Thank you all!
You could use urlencode() in php
This approach is cumbersome, error prone and insecure (for example, an image URL isn't required to end with those well known file extensions)
If I understand your use case, it starts when the user is surfing the web and he's viewing an image, and he wants to share it via your service. Then he types by hand http://your.sharing.service in the browser's address bar, just before any text. Then you use mod_rewrite to trigger your script, but I think your regex (and your service too) will fail in a number of unpredictable ways.
I never used a service like this, and I think that the standard approach of using a button to submit the URL to some script (let's say http://my.service.com/upload?url=...) should be preferred.
The problem is in your regex...
Try:
^((http|https)+[\:\/\/\w\.]+(jpg|png|gif))$
This is the weirdest problem of my life, and can't even Google it. It's happening on an Apache powered website written in PHP, which uses mod_rewrite (but that's not the issue, I tried removing the .htaccess file, problem still exists).
If I have a query string that looks exactly or similar to: =/id I get an 501 response:
Method Not Implemented
GET to / not supported.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
I never written such error page, never sent an 501 response, don't have the slightest clue where this thing is coming from. Originally I had a long URL giving me a similar error, but I stripped down to this little snippet above. If I remove or change any character, the error's gone.
If that helps: my website is commentards.net, and the original URL was an openid login request which looks like this:
http://commentards.net/q/user/auth?openid_identifier=https://www.google.com/accounts/o8/id
from which the query string is:
?openid_identifier=https://www.google.com/accounts/o8/Fid
I asked the support team, and they said it was mod_security, and disabled it for my website. And now it works fine. I should have started with that. Anyway, thanks for your help.
Urlencode your query string parameter(s).
https://www.google.com/accounts/o8/id
becomes
https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2FFid
http://commentards.net/q/user/auth?openid_identifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2FFid works fine, so HerrSerker already answered your question.