Checking a variable for characters, changing it if they exist - php

I have this code that is meant to stop people entering dots and slashes into query strings.
The string is assigned to a variable, then if the variable contains a '.' or a '/' I would like to replace them with forbidden and main.
<?php
if( strpos( $page, '/' ) === true ) { $page = 'forbidden'; $inner_page = 'main'; }
elseif( strpos( $page, '.' ) === true ) { $page = 'forbidden'; $inner_page = 'main'; }
elseif( strpos( $inner_page, '/' ) === true ) { $page = 'forbidden'; $inner_page = 'main'; }
elseif( strpos( $inner_page, '.' ) === true ) { $page = 'forbidden'; $inner_page = 'main'; }
?>
This code (isAllowedURL.php) is being loaded into this code:
<?php
$page = 'home';
$inner_page = 'main';
if( isset( $_GET['page'] ) )
{
$page = htmlspecialchars( $_GET['page'] );
}
if( isset( $_GET['subpage'] ) )
{
$inner_page = htmlspecialchars( $_GET['subpage'] );
}
include ('/indexBuilder/linkSecurity/isAllowedURL.php');
?>
As you can see, it changes the variables to the query if it exists and I would like to change it back if the variable contains the banned characters.
Why does this code not function as wanted?
-I changed the true to false and every page was made forbidden, changed it back and none were.

SOLVED:
You need to use !== to see if they are present. Also you cannot use true with strpos.
if( strpos( $page, '/' ) !== false ) { $page = 'forbidden'; $inner_page = 'main'; }
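The check from the fix above next to an allowlist variant, as an added example that is not part of the original post. The function names, the allowed character set and the sample queries are assumptions made for illustration; the allowlist goes beyond the two characters the post bans.

```php
<?php
// Added example; function names are hypothetical and not from the post.

// Denylist check as in the accepted fix. strpos() returns an integer offset
// (0 when the needle is the first character) or false, never true, so the
// only reliable "found" test is `!== false`.
function has_banned_char(string $value): bool
{
    return strpos($value, '/') !== false || strpos($value, '.') !== false;
}

// Allowlist variant (assumption: page names are letters, digits, '_' or '-').
// Returns the validated name, the default when the key is absent, or null
// when the value must be rejected.
function resolve_name(array $query, string $key, string $default): ?string
{
    if (!isset($query[$key])) {
        return $default;
    }
    $value = $query[$key];
    // ?page[]=x reaches PHP as an array, which strpos() cannot inspect.
    if (!is_string($value)) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $value) === 1 ? $value : null;
}

// Mirrors the post's behaviour: any rejected value resets both variables.
function route(array $query): array
{
    $page = resolve_name($query, 'page', 'home');
    $inner_page = resolve_name($query, 'subpage', 'main');
    if ($page === null || $inner_page === null) {
        return ['forbidden', 'main'];
    }
    return [$page, $inner_page];
}

// Constructed sample query strings, already parsed as $_GET would be.
$samples = [
    [],
    ['page' => 'about', 'subpage' => 'team'],
    ['page' => '/about'],                 // strpos() offset 0
    ['page' => 'about', 'subpage' => 'v1.2'],
    ['page' => ['about']],                // array parameter
];
foreach ($samples as $query) {
    [$page, $inner_page] = route($query);
    $denied = is_string($query['page'] ?? '') && has_banned_char($query['page'] ?? '');
    printf("%-45s => %s/%s (denylist hit: %s)\n",
        json_encode($query), $page, $inner_page, $denied ? 'yes' : 'no');
}
```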

Related

How to fix "Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1" in WordPress

When I installed WooCommerce on a WordPress page I got the chance to manage a little while ago, I started getting these errors whenever I go to a subpage:
Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /var/www/watertours.dk/public_html/wp-includes/class-wp.php on line 222
Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /var/www/watertours.dk/public_html/wp-includes/class-wp.php on line 223
It even shows up in the dashboard occasionally.
I have found this guide which I have already tried several times:
step 0: if possible, backup your WP installation folder.
step 1: temporarily disable all the plugins (important step)
step 2: in WordPress admin dashboard, go to Settings -> Permalinks
step 3: remember or note down somewhere what you have in the custom permalinks field: http://awesomescreenshot.com/0534epzk0c
step 4: temporarily enable (switch to) the default permalink: http://awesomescreenshot.com/0f74epyi15 Click Save Changes button.
step 5: verify the website is working now (not everything, because the plugins are disabled, but the preg_match error should be gone)
step 6: switch back to the custom permalinks setting you had at step 3
step 7: enable back all the plugins
The error should be gone.
It works for a little while (two minutes or so) and then those two errors start popping up again.
I am thinking of just remaking the WordPress site from the ground up since it is quite a mess anyway. But if anyone has a solution, I would be more than grateful. :)
EDIT:
/**
* Parse request to find correct WordPress query.
*
* Sets up the query variables based on the request. There are also many
* filters and actions that can be used to further manipulate the result.
*
* @since 2.0.0
*
* @global WP_Rewrite $wp_rewrite
*
* @param array|string $extra_query_vars Set the extra query variables.
*/
public function parse_request( $extra_query_vars = '' ) {
global $wp_rewrite;
/**
* Filters whether to parse the request.
*
* @since 3.5.0
*
* @param bool $bool Whether or not to parse the request. Default true.
* @param WP $this Current WordPress environment instance.
* @param array|string $extra_query_vars Extra passed query variables.
*/
if ( ! apply_filters( 'do_parse_request', true, $this, $extra_query_vars ) ) {
return;
}
$this->query_vars = array();
$post_type_query_vars = array();
if ( is_array( $extra_query_vars ) ) {
$this->extra_query_vars = & $extra_query_vars;
} elseif ( ! empty( $extra_query_vars ) ) {
parse_str( $extra_query_vars, $this->extra_query_vars );
}
// Process PATH_INFO, REQUEST_URI, and 404 for permalinks.
// Fetch the rewrite rules.
$rewrite = $wp_rewrite->wp_rewrite_rules();
if ( ! empty( $rewrite ) ) {
// If we match a rewrite rule, this will be cleared.
$error = '404';
$this->did_permalink = true;
$pathinfo = isset( $_SERVER['PATH_INFO'] ) ? $_SERVER['PATH_INFO'] : '';
list( $pathinfo ) = explode( '?', $pathinfo );
$pathinfo = str_replace( '%', '%25', $pathinfo );
list( $req_uri ) = explode( '?', $_SERVER['REQUEST_URI'] );
$self = $_SERVER['PHP_SELF'];
$home_path = trim( parse_url( home_url(), PHP_URL_PATH ), '/' );
$home_path_regex = sprintf( '|^%s|i', preg_quote( $home_path, '|' ) );
// Trim path info from the end and the leading home path from the
// front. For path info requests, this leaves us with the requesting
// filename, if any. For 404 requests, this leaves us with the
// requested permalink.
$req_uri = str_replace( $pathinfo, '', $req_uri );
$req_uri = trim( $req_uri, '/' );
$req_uri = preg_replace( $home_path_regex, '', $req_uri );
$req_uri = trim( $req_uri, '/' );
$pathinfo = trim( $pathinfo, '/' );
$pathinfo = preg_replace( $home_path_regex, '', $pathinfo );
$pathinfo = trim( $pathinfo, '/' );
$self = trim( $self, '/' );
$self = preg_replace( $home_path_regex, '', $self );
$self = trim( $self, '/' );
// The requested permalink is in $pathinfo for path info requests and
// $req_uri for other requests.
if ( ! empty( $pathinfo ) && ! preg_match( '|^.*' . $wp_rewrite->index . '$|', $pathinfo ) ) {
$requested_path = $pathinfo;
} else {
// If the request uri is the index, blank it out so that we don't try to match it against a rule.
if ( $req_uri == $wp_rewrite->index ) {
$req_uri = '';
}
$requested_path = $req_uri;
}
$requested_file = $req_uri;
$this->request = $requested_path;
// Look for matches.
$request_match = $requested_path;
if ( empty( $request_match ) ) {
// An empty request could only match against ^$ regex
if ( isset( $rewrite['$'] ) ) {
$this->matched_rule = '$';
$query = $rewrite['$'];
$matches = array( '' );
}
} else {
foreach ( (array) $rewrite as $match => $query ) {
// If the requested file is the anchor of the match, prepend it to the path info.
if ( ! empty( $requested_file ) && strpos( $match, $requested_file ) === 0 && $requested_file != $requested_path ) {
$request_match = $requested_file . '/' . $requested_path;
}
if ( preg_match( "#^$match#", $request_match, $matches ) || // Line 222
preg_match( "#^$match#", urldecode( $request_match ), $matches ) ) { // Line 223
if ( $wp_rewrite->use_verbose_page_rules && preg_match( '/pagename=\$matches\[([0-9]+)\]/', $query, $varmatch ) ) {
// This is a verbose page match, let's check to be sure about it.
$page = get_page_by_path( $matches[ $varmatch[1] ] );
if ( ! $page ) {
continue;
}
$post_status_obj = get_post_status_object( $page->post_status );
if ( ! $post_status_obj->public && ! $post_status_obj->protected
&& ! $post_status_obj->private && $post_status_obj->exclude_from_search ) {
continue;
}
}
// Got a match.
$this->matched_rule = $match;
break;
}
}
}
if ( isset( $this->matched_rule ) ) {
// Trim the query of everything up to the '?'.
$query = preg_replace( '!^.+\?!', '', $query );
// Substitute the substring matches into the query.
$query = addslashes( WP_MatchesMapRegex::apply( $query, $matches ) );
$this->matched_query = $query;
// Parse the query.
parse_str( $query, $perma_query_vars );
// If we're processing a 404 request, clear the error var since we found something.
if ( '404' == $error ) {
unset( $error, $_GET['error'] );
}
}
// If req_uri is empty or if it is a request for ourself, unset error.
if ( empty( $requested_path ) || $requested_file == $self || strpos( $_SERVER['PHP_SELF'], 'wp-admin/' ) !== false ) {
unset( $error, $_GET['error'] );
if ( isset( $perma_query_vars ) && strpos( $_SERVER['PHP_SELF'], 'wp-admin/' ) !== false ) {
unset( $perma_query_vars );
}
$this->did_permalink = false;
}
}
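One way to find which rewrite rule fails to compile, as an added example that is not WordPress code and not part of the original post. Lines 222 and 223 build the pattern as "#^$match#", so an error at offset 1 points at the first character of a rule key; the helper name and the rule array below are constructed for illustration.

```php
<?php
// Added example; find_uncompilable_rules() is a hypothetical helper.

// Compile every rewrite rule key exactly the way line 222 does and collect
// the ones PCRE rejects, together with the warning text PHP produced.
function find_uncompilable_rules(array $rewrite): array
{
    $broken = [];
    foreach ($rewrite as $match => $query) {
        error_clear_last();
        // preg_match() returns false (not 0) when the pattern cannot be
        // compiled; @ only hides the warning, error_get_last() still sees it.
        $result = @preg_match("#^$match#", '');
        if ($result === false) {
            $err = error_get_last();
            $broken[$match] = [
                'query'  => $query,
                'reason' => $err['message'] ?? 'unknown PCRE error',
            ];
        }
    }
    return $broken;
}

// Constructed sample rules. The third key starts with a quantifier, so the
// compiled pattern begins "^*" and has nothing to repeat at offset 1.
$rules = [
    '^wp-json/?$'                             => 'index.php?rest_route=/',
    'product/([^/]+)/?$'                      => 'index.php?product=$matches[1]',
    '*shop/(.+)/?$'                           => 'index.php?pagename=$matches[1]',
    '(.?.+?)(?:/([0-9]+))?/?$'                => 'index.php?pagename=$matches[1]&page=$matches[2]',
];

foreach (find_uncompilable_rules($rules) as $match => $info) {
    echo "Rule:   $match\n";
    echo "Query:  {$info['query']}\n";
    echo "Reason: {$info['reason']}\n\n";
}
```

On a live site the array to check is the one returned by `$wp_rewrite->wp_rewrite_rules()`, as in the excerpt above. The query string of a failing rule helps identify which plugin or permalink setting registered it.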

Cannot find where a redirect is specified

I've recently become the maintainer of a WordPress site (I'm completely new to WordPress) and I'm having some difficulty determining where a redirect is specified.
I've checked the .htaccess file, and there's nothing specified in there. As far as I can tell, the rewrite rules aren't the cause.
I've tried deleting the page being redirected from and re-creating it, and the redirect still occurs.
My question is: where can you specify a redirect? I've run out of ideas of where to look.
One of my clients wanted a custom URL like
https://www.qsleap.com/gmat/resources. As you know, in WordPress every request is caught by index.php. The request filter catches the request and
calls the page.
Read this code; it may give you an idea.
function permalinks_customizer_request_before($query ){
$uri=$_SERVER['REQUEST_URI'];
$match= preg_match('/(gmat|gre|sat|lsat|cat)(\/resources\/tags\/)(.*)\/(articles|videos|concept-notes|qna)/', $uri,$matches);
//$match= preg_match('/(gmat|gre|sat|lsat|cat)/\resources/\tags/stanford-gsb/\articles|videos|concept-notes)/?$', $uri,$matches);
if($match){
$url = parse_url( get_bloginfo( 'url' ) );
$url = isset( $url['path']) ? $url['path'] : '';
$request = ltrim( substr( $_SERVER['REQUEST_URI'], strlen( $url ) ), '/' );
$request = ( ( $pos = strpos( $request, '?' ) ) ? substr( $request, 0, $pos ) : $request );
if ( ! $request )
return $query;
$original_url="?page_name=tags&exam=".$matches[1]."&post_tag=".$matches[3]."&post_type=".$matches[4];
if ( $original_url !== null ) {
$original_url = str_replace('//', '/', $original_url);
if ( ( $pos = strpos( $_SERVER['REQUEST_URI'], '?' ) ) !== false ) {
$queryVars = substr( $_SERVER['REQUEST_URI'], $pos + 1 );
$original_url .= ( strpos( $original_url, '?' ) === false ? '?' : '&') . $queryVars;
}
$oldRequestUri = $_SERVER['REQUEST_URI'];
$oldQueryString = $_SERVER['QUERY_STRING'];
$_SERVER['REQUEST_URI'] = '/' . ltrim( $original_url, '/' );
$_SERVER['QUERY_STRING'] = ( ( $pos = strpos( $original_url, '?' ) ) !== false ? substr( $original_url, $pos + 1 ) : '' );
parse_str( $_SERVER['QUERY_STRING'], $queryArray );
$oldValues = array();
global $wp;
$wp->parse_request();
$query = $wp->query_vars;
if ( is_array( $queryArray ) ) {
foreach ( $queryArray as $key => $value ) {
$oldValues[$key] = $_REQUEST[$key];
$_REQUEST[$key] = $_GET[$key] = $value;
$query[$key]=$value;
}
}
$_SERVER['REQUEST_URI'] ='';
$_SERVER['QUERY_STRING']='';
}
}
return $query;
}
add_filter( 'request','permalinks_customizer_request_before',0);
function wp_url_rewrite_templates() {
if (get_query_var( 'page_name' ) && get_query_var( 'page_name' )=='tags') {
add_filter( 'template_include', function() {
$template= dirname( __FILE__ ) . '/page-tags.php';
return $template;
});
}
}
add_action( 'template_redirect', 'wp_url_rewrite_templates' ,4 );
I think the easiest way for you to remove the redirects will be with this plugin.
https://redirection.me/
After you install and activate it, go to the following in the WordPress admin:
Tools > Redirection
You'll see a list of redirects, and you can add or remove any.

URL dissector that splits up a query string

Ok so basically I am reading through this piece of source code and do not understand the purpose of a specific area.
class URL_Processor
{
private static $urlPath;
private static $urlBits = array();
/*
Gets data from the current URL
@return Void
*/
public function getURLData()
{
$urldata = (isset($_GET['page'])) ? $_GET['page'] : '' ;
self::$urlPath = $urldata;
if( $urldata == '' )
{
self::$urlBits[] = 'home';
self::$urlPath = 'home';
}
else
{
$data = explode( '/', $urldata );
while ( !empty( $data ) && strlen( reset( $data ) ) === 0 )
{
array_shift( $data );
}
while ( !empty( $data ) && strlen( end( $data ) ) === 0)
{
array_pop($data);
}
self::$urlBits = $this->array_trim( $data );
}
}
private function array_trim( $array )
{
while ( ! empty( $array ) && strlen( reset( $array ) ) === 0)
{
array_shift( $array );
}
while ( !empty( $array ) && strlen( end( $array ) ) === 0)
{
array_pop( $array );
}
return $array;
}
}
So basically from my understanding the two while loops with 'array_shift' in the getURLData method empty out the array but according to my logic the second while loop won't even be able to empty anything out because the first while loop already did.
Then the last line of the method getURLData
self::$urlBits = $this->array_trim( $data );
does the same thing but how if the passed in argument is empty already?
Very confused!!!
The first while loop removes all leading elements in the array where their string length is zero, the second one does the same with trailing elements. reset($array) will point to the first, end($array) to the last element.
Why he mushes it through a second time? I don't know.

need help on a piece of code from PHP 5 Social Networking

I'm trying to get more advanced with PHP and I picked up the book PHP 5 Social Networking by Michael Peacock. While the book seemed to be interesting, it didn't however get too involved in the details of the code. The function I'm trying to figure out is,
public function getURLData()
{
$urldata = ( isset( $_GET['page'] ) ) ? $_GET['page'] : '' ;
$this->urlPath = $urldata;
if( $urldata == '' )
{
$this->urlBits[] = '';
$this->urlPath = '';
}
else
{
$data = explode( '/', $urldata );
while ( !empty( $data ) && strlen( reset( $data ) ) === 0 )
{
//NOTES: php array_shift — Shift an element off the beginning of array
array_shift( $data );
}
while ( !empty( $data ) && strlen( end( $data ) ) === 0)
{
array_pop($data);
}
$this->urlBits = $this->array_trim( $data );
}
}
This is a part of a larger class and the $_GET['page'] is something like this: relationships/mutual/3. My main question is what is happening in the else section. I think what is happening is that it's removing any empty array indexes but I also question that.
Any help would be appreciated.
EDIT: added array_trim function that is also part of the class
private function array_trim( $array )
{
while ( ! empty( $array ) && strlen( reset( $array ) ) === 0)
{
array_shift( $array );
}
while ( !empty( $array ) && strlen( end( $array ) ) === 0)
{
array_pop( $array );
}
return $array;
}
public function getURLData()
{
Gets the 'page', this data can be obtained by $_GET from the url: for instance: http://mysite.com/?page=contact
If 'page' has been set, is assigned to $urldata, else $urldata=''
$urldata = ( isset( $_GET['page'] ) ) ? $_GET['page'] : '' ;
$this->urlPath = $urldata;
if( $urldata == '' )
{
$this->urlBits[] = '';
$this->urlPath = '';
}
else
{
Now it is creating an array with all the substrings from $urldata split by '/'
$data = explode( '/', $urldata );
If the array $data is not empty (otherwise accessing a non-existent element would raise an exception) or the length of the first element is equal to 0, then removes the first element from the array.
while ( !empty( $data ) && strlen( reset( $data ) ) === 0 )
{
//NOTES: php array_shift — Shift an element off the beginning of array
array_shift( $data );
}
If the array $data is not empty (otherwise accessing a non-existent element would raise an exception) or the length of the last element is equal to 0, then removes the last element from the array.
while ( !empty( $data ) && strlen( end( $data ) ) === 0)
{
array_pop($data);
}
array_trim is a custom function, not sure what it does but it probably will do some kind of trimming too
$this->urlBits = $this->array_trim( $data );
}
}

php spider script not working

I have been using the following script to create sitemaps for my clients' websites. The issue is it does not work for every site. I have found that many if not all the sites hosted on GoDaddy do not spider. If anyone can see an error in my script or knows what is causing the fault I would greatly appreciate the help.
Thanks in advance
set_time_limit(0);
class spider_man
{
var $url;
var $limit;
var $cache;
var $crawled;
var $banned_ext;
var $domain;
function spider_man( $url, $banned_ext, $limit ){
$this->domain = $url;
$this->url = 'http://'.$url ;
$this->banned_ext = $banned_ext ;
$this->limit = $limit ;
if( !fopen( $this->url, "r") ) return false;
else $this->_spider($this->url);
}
function _spider( $url ){
$this->cache = @file_get_contents( urldecode( $url ) );
if( !$this->cache ) return false;
$this->crawled[] = urldecode( $url ) ;
preg_match_all( "#href=\"(https?://[&=a-zA-Z0-9-_./]+)\"#si", $this->cache, $links );
if ( $links ) :
foreach ( $links[1] as $hyperlink ){
if(strpos($hyperlink,$this->domain)===false){ break; }
else{
$this->limit--;
if( ! $this->limit ) return;
if( $this->is_valid_ext( trim( $hyperlink ) ) and !$this->is_crawled( $hyperlink ) ) :
$this->crawled[] = $hyperlink;
echo "Crawling $hyperlink<br />\n";
unset( $this->cache );
$this->_spider( $hyperlink );
endif;
}
}
endif;
}
function is_valid_ext( $url ){
foreach( $this->banned_ext as $ext ){
if( $ext == substr( $url, strlen($url) - strlen( $ext ) ) ) return false;
}
return true;
}
function is_crawled( $url ){
return in_array( $url, $this->crawled );
}
}
$banned_ext = array(".dtd",".css",".xml",".js",".gif",".jpg",".jpeg",".bmp",".ico",".rss",".pdf",".png",".psd",".aspx",".jsp",".srf",".cgi",".exe",".cfm");
$spider = new spider_man( 'domain.com', $banned_ext, 100 );
print_r( $spider->crawled );
When you access a site using fopen() or file_get_contents() you don't send AGENT or REFERRER or other header information. It's blatantly obvious that this is an automated script.
You need to look at sending context with your fopen (check the docs and read the context section) or, better still, using CURL. This allows you to set the agent and referrer headers to simulate a browser.
