I am trying to pass across a string to receive a response. In the URL, at the end for the Password= field, there is a Exclamation Point in the string. This is causing a fail in the code - I have included an example below
$getResponse = file_get_contents("https://LINK/&Password=pass!word");
echo "<br>Response:";var_dump($getResponse);die;
I have tried both as you see above AND by putting \ in front of the Exclamation Point. Any assistance would be greatly apprecieated!
You need to encode non-ASCII characters (!) into a format that can be transmitted over the Internet.
Try this:
$url=urlencode("https://LINK/&Password=pass!word");
$getResponse = file_get_contents($url);
echo "Response:";var_dump($getResponse);die;
Urlencode Help on PHP
Try escaping password in url:
$pswd = urlencode('pass!word'); /* or use - rawurlencode */
$url = 'https://example.com/page?Password='.$pswd; /* replaced `&` with `?` */
$getResponse = file_get_contents($url);
Related
there is an external page, that passes a URL using a param value, in the querystring. to my page.
eg: page.php?URL=http://www.domain2.com?foo=bar
i tried saving the param using
$url = $_GET['url']
the problem is the reffering page does not send it encoded. and therefore it recognizes anything trailing the "&" as the beginning of a new param.
i need a way to parse the url in a way that anything trailing the second "?" is part or the passed url and not the acctual querystring.
Get the full querystring and then take out the 'URL=' part of it
$name = http_build_query($_GET);
$name = substr($name, strlen('URL='));
Antonio's answer is probably best. A less elegant way would also work:
$url = $_GET['url'];
$keys = array_keys($_GET);
$i=1;
foreach($_GET as $value) {
$url .= '&'.$keys[$i].'='.$value;
$i++;
}
echo $url;
Something like this might help:
// The full request
$request_full = $_SERVER["REQUEST_URI"];
// Position of the first "?" inside $request_full
$pos_question_mark = strpos($request_full, '?');
// Position of the query itself
$pos_query = $pos_question_mark + 1;
// Extract the malformed query from $request_full
$request_query = substr($request_full, $pos_query);
// Look for patterns that might corrupt the query
if (preg_match('/([^=]+[=])([^\&]+)([\&]+.+)?/', $request_query, $matches)) {
// If a match is found...
if (isset($_GET[$matches[1]])) {
// ... get rid of the original match...
unset($_GET[$matches[1]]);
// ... and replace it with a URL encoded version.
$_GET[$matches[1]] = urlencode($matches[2]);
}
}
As you have hinted in your question, the encoding of the URL you get is not as you want it: a & will mark a new argument for the current URL, not the one in the url parameter. If the URL were encoded correctly, the & would have been escaped as %26.
But, OK, given that you know for sure that everything following url= is not escaped and should be part of that parameter's value, you could do this:
$url = preg_replace("/^.*?([?&]url=(.*?))?$/i", "$2", $_SERVER["REQUEST_URI"]);
So if for example the current URL is:
http://www.myhost.com/page.php?a=1&URL=http://www.domain2.com?foo=bar&test=12
Then the returned value is:
http://www.domain2.com?foo=bar&test=12
See it running on eval.in.
I have a method of pulling Youtube video data from API links. I use Wordpress and ran into a snag.
In order to pull the thumbnail, views, uploader and video title I need the user to input the 11 character code at the end of watch?v=_______. This is documented with specific instructions for the user, but what if they ignore it and paste the whole url?
// the url 'code' the user should input.
_gXp4hdd2pk
// the wrong way, when the user pastes the whole url.
https://www.youtube.com/watch?v=_gXp4hdd2pk
If the user accidentally pastes the entire URL and not the 11 character code then is there a way I can use PHP to grab either the code or whats at the end of this url (11 characters after 'watch?v='?
Here is my PHP code to pull the data:
// $url is the code at the end of 'watch?v=' that the user inputs
$url = get_post_meta ($post->ID, 'youtube_url', $single = true);
// $code is a variable for placing the $url in a youtube link so I can output it to an API link
$code = 'http://www.youtube.com/watch?v=' . $url;
// $code is called at the end of this oembed code, allowing me to decode json data and pull elements from json to echo in my html
// echoed output returns json file. example: http://www.youtube.com/oembed?url=http://www.youtube.com/watch?v=_gXp4hdd2pk
$json = file_get_contents('http://www.youtube.com/oembed?url='.urlencode($code));
Im looking for something like...
"if user inputs code, use this block of code, else if user inputs whole url use a different block of code, else throw error."
Or... if they use the whole URL can PHP only use a specific section of that url...?
EDIT: Thank you for all the answers! I am new to PHP, so thank you all for your patience. It is difficult for graphic designers to learn PHP, even reading the PHP manual can give us headaches. All of your answers were great and the ones ive tested have worked. Thank you so much :)
Try this,
$code = 'https://www.youtube.com/watch?v=_gXp4hdd2pk';
if (filter_var($code, FILTER_VALIDATE_URL) == TRUE) {
// if `$code` is valid url
$code_arr = explode('?v=', $code);
$query_str = explode('&', $code_arr[1]);
$new_code = $query_str[0];
} else {
// if `$code` is not a valid url like '_gXp4hdd2pk'
$new_code = $code;
}
echo $new_code;
Here's a simple option for you to do, unless you want to use regex like Nisse Engström's Answer.
Using the function parse_url() you could do something like this:
$url = 'https://www.youtube.com/watch?v=_gXp4hdd2pk&list=RD_gXp4hdd2pk#t=184';
$split = parse_url('https://www.youtube.com/watch?v=_gXp4hdd2pk&list=RD_gXp4hdd2pk#t=184');
$params = explode('&', $split['query']);
$video_id = str_replace('v=', '', $params[0]);
now $video_id would return:
_gXp4hdd2pk
from the $url supplied in the above code.
I suggest you read the parse_url() documentation to ensure you understand and grasp it all :-)
Update
for your comment.
You'd use something like this to make sure the parsed value is a valid URL:
// this will check if valid url
if (filter_var($code, FILTER_VALIDATE_URL)) {
// its valid as it returned true
// so run the code
$url = 'https://www.youtube.com/watch?v=_gXp4hdd2pk&list=RD_gXp4hdd2pk#t=184';
$split = parse_url('https://www.youtube.com/watch?v=_gXp4hdd2pk&list=RD_gXp4hdd2pk#t=184');
$params = explode('&', $split['query']);
$video_id = str_replace('v=', '', $params[0]);
} else {
// they must have posted the video code as the if check returned false.
$video_id = $url;
}
Just try as follows ..
$url =" https://www.youtube.com/watch?v=_gXp4hdd2pk";
$url= explode('?v=', $url);
$endofurl = end($url);
echo $endofurl;
Replace $url variable with input .
I instruct my users to copy and paste the whole youtube url.
Then, I do this:
$video_url = 'https://www.youtube.com/watch?v=_gXp4hdd2pk'; // this is from user input
$parsed_url = parse_url($video_url);
parse_str($parsed_url['query'], $query);
$vidID = isset($query['v']) ? $query['v'] : NULL;
$url = "http://gdata.youtube.com/feeds/api/videos/". $vidID; // this is used for the Api
$m = array();
if (preg_match ('#^(https?://www.youtube.com/watch\\?v=)?(.+)$#', $url, $m)) {
$code = $m[2];
} else {
/* No match */
}
The code uses a Regular Expression to match the user input (the subject) against a pattern. The pattern is enclosed in a pair of delimiters (#) of your choice. The rest of the pattern works like this:
^ matches the beginning of the string.
(...) creates a subpattern.
? matches 0 or 1 of the preceeding character or subpattern.
https? matches "http" or "https".
\? matches "?".
(.+) matches 1 or more arbitrary charactes. The . matches any character (except newline). + matches 1 or more of the preceeding character or subpattern.
$ matches the end of the string.
In other words, optionally match an http or https base URL, followed by the video code.
The matches are then written to $m. $m[0] contains the entire string, $m[1] contains the first subpattern (base URL) and $m[2] contains the second subpattern (code).
Looking for how to get the complete string in a URI, after the away?to=
My code:
if (isset($_SERVER[REQUEST_URI])) {
$goto = $_SERVER[REQUEST_URI];
}
if (preg_match("/to=(.+)/", $goto, $goto_url)) {
$link = "<a href='{$goto_url[1]}' target='_blank'>{$goto_url[1]}</a>";
The original link is:
https://domain.com/away?to=http://www.zdf.de/ZDFmediathek#/beitrag/video/2162504/Verschw%C3%B6rung-gegen-die-Freiheit-%281%29
.. but my code is cutting the string after the away?to= to only
http://www.zdf.de/ZDFmediathek
You know the fix for this preg_match function to allow really every character following the away?to= ??
UPDATE:
Found out, that $_SERVER['REQUEST_URI'] or $_SERVER['QUERY_STRING'] is already cutting the original URL. Do you know why and how to prevent that?
try use (.*) to get all after to=
$str = 'away?to=dfkhgkjdshfgkhldsflkgh';
preg_match("/to=(.*)/", $str, $goto_url);
echo $goto_url[1]; //dfkhgkjdshfgkhldsflkgh
Instead of extracting the URL with regex from the request URI you can just get it from the $_GET array:
$link = "<a href='{$_GET['to']}' target='_blank'>{$_GET['to']}</a>";
I would like to read a url. www.domain.com?cookie=set&redirect=yes
Now I want to use $ _SERVER['REQUEST_URI'] but this does not work with strip_tags and htmlspecialchars.
Also many I read that you should watch for XSS.
Does anyone know how to save a URL can be used by GET?
$url = "http://'.$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI];
$url = strip_tags($url);//doesnt work
$url = htmlspecialchars($url);//doesnt work
Thanks!
Edit to (doesnt work):
$url = "http://".$_SERVER[HTTP_HOST]."".$_SERVER[REQUEST_URI];
$url = strip_tags($url);
echo $url;
for example
www.domain.com?cookie=set&redirect=yes
output => index.php?cookie=se%3Cscript%3Et&re%3Cb%3Ed%3C/b%3Eirect=yes
This line
$url = "http://'.$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI];
Needs to be either
$url = "http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
or
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
The way you are currently doing it will not concatenate the data correctly.
Issues with the your line:
Your mixing quotes around the protocol " to open and ' to close
You are not quoting the $_SERVER params e.g $_SERVER['PARAM']
You are not joining the 2 $_SERVER vars with anything so you'll get a syntax error
I am getting content of XML using this code:
$xml = simplexml_load_file("X.xml");
echo $xml->CountryList->Country[1];
Here is the X.xml:
<PickUpCityListRQ>
<CountryList>
<Country>Albania</Country>
<Country>Andorra</Country>
</CountryList>
</PickUpCityListRQ>
Everything works fine, it returns Andorra for me, but, when I try to use url with special characters, like this one:
http://somelink/ServiceRequest.do?xml=<PickUpCityListRQ><Credentials username='USERNAME' password='PASSWORD' remoteIp='IP'/><Country>UK</Country></PickUpCityListRQ>
This link won't work for you as it just an example, but believe, real link returns the same content as X.xml. I know that the reason of that are special characters in the link, but I can't get it work. I tried something like this:
$username = "USERNAME";
$password = "PASSWORD";
$accessurl = htmlspecialchars("Credentials username='$username' password='$password' remoteIp='123.123.123.123'/");
$required = htmlspecialchars("<PickUpCityListRQ><$accessurl><Country>UK</Country></PickUpCityListRQ>");
$url = 'somelink/service/ServiceRequest.do?xml='.$required;
echo $url;
It returns (with echo) the required link, in case if I use it manualy (in browser) I'll get to the required content. But if I try to get XML content using this code:
$xml = simplexml_load_file($url);
echo $xml->CountryList->Country[1];
I won't work.
Any ideas?
Thank you in advance.
htmlspecialchars is used to protect special char inside an HTML content page (especially on user input, to avoid some sort of XSS or other attack..).
When you are manipulating URLs, you should use instead urlencode to send your content as parameter of the URL.
So your URL will be:
http://someserver/somethink/services/ServiceRequest.do?xml=%3CPickUpCityListRQ%3E%3CCredentials%20username%3D'USERNAME'%20password%3D'PASSWORD'%20remoteIp%3D'IP'%2F%3E%3CCountry%3EUK%3C%2FCountry%3E%3C%2FPickUpCityListRQ%3E
As the documentation says, urldecode is not requiered because the superglobals $_GET and $_REQUEST are already urldecoded. So, in your script which do the job you can directly use the value in your $_GET entry.
$xml = simplexml_load_string($_GET['xml']);
documentation : urlencode
Answer stolen from PHP simplexml_load_file with special chars in URL
Use this
$username = "USERNAME";
$password = "PASSWORD";
$accessurl = "Credentials username='$username' password='$password' remoteIp='123.123.123.123'/";
$required = "<PickUpCityListRQ><$accessurl><Country>UK</Country></PickUpCityListRQ>";
$url= rawurlencode("somelink/service/ServiceRequest.do?xml={$required}");
$xml = simplexml_load_file($url);
echo $xml->CountryList->Country[1];