Escaping white space : %20 or + - smarty - php

I am using Smarty as a template engine. I have to escape an image file path {$filepath|urlencode}. The problem is that white spaces are converted into a '+', which prevents the image from being reached on the server; %20 would work. How do I escape my path correctly?
Edit: more precisely, I use the Facebook share link.
I use a Facebook share like so, and it doesn't display the image when shared:
The final code for my specific usage looks like this:
<a href="http://www.facebook.com/dialog/feed?app_id=...&link=http%3A%2F%2Fmysite.org%2Findex.php%3Fpage%3Dcampaign%26campaign_id%3D18&picture=http%3A%2F%2Fmysite.org%2Ffiles%2Fcampaign%2Fimage%2Foriginals%2F18%2FSans+titre-3.jpg&name=Some text "Text d'Text", Text&description=Rejoignez%20la%20campagne%21&redirect_uri=http%3A%2F%2Fmysite.org%2Findex.php%3Fpage%3Dcampaign%26campaign_id%3D18"onclick="window.open(this.href);return false;">
On the same site, all the Facebook share links work perfectly and the image displays well! That is why I thought it was the link of that specific image that is not working.

escape is what you're searching for. Take a look at:
http://www.smarty.net/docsv2/en/language.modifier.escape.tpl
{$filepath|escape:"url"}
urlencode is used to encode (not escape!) a string to be used as a query part inside an URL passed as GET var: http://php.net/manual/en/function.urlencode.php

URL encoded space is either a plus sign or %20. They are equivalent, and are both interpreted as a space on the server.
If you see either in the URL, then the server will see a space.
You say that the plus sign is preventing the image from being loaded. This sounds like a deeper problem than simply using the wrong encoding. Possibly it's being double-encoded?
What is the actual URL being requested in the browser? Open the dev tools/Firebug, and look at the requests to find out. If the URL includes %2B then the plus sign is being double-encoded. This is the problem you need to solve.
The other solution, of course, is not to use spaces in filenames on the web. The only reason one would want spaces in filenames is for readability, but since the web requires spaces to be urlencoded, it removes that readability anyway. Take away the spaces, and the problem will go away by itself.
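An added example, not code from the original posts: in PHP, urlencode() writes a space as '+' (the form-encoding convention for query values), while rawurlencode(), which Smarty's escape:"url" uses, writes %20, the only form that means a space inside a URL path. The sketch below encodes the image path per segment, then encodes the finished URL once more as the picture query value; APP_ID_PLACEHOLDER and the helper names are assumptions.

```php
<?php
// Added example: build the share link from the question with each layer
// encoded exactly once. Host and paths are the ones shown in the question;
// APP_ID_PLACEHOLDER stands in for the app id the question elides.

/** Percent-encode every path segment (space -> %20) but keep the slashes. */
function encode_path(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

/** Build the feed-dialog URL; nested URLs are encoded as query values. */
function share_url(string $pageUrl, string $imagePath, string $name): string
{
    $picture = 'http://mysite.org' . encode_path($imagePath);

    // PHP_QUERY_RFC3986 makes http_build_query() use rawurlencode(), so
    // spaces in values come out as %20 and never as '+'.
    $query = http_build_query([
        'app_id'       => 'APP_ID_PLACEHOLDER',
        'link'         => $pageUrl,
        'picture'      => $picture,
        'name'         => $name,
        'redirect_uri' => $pageUrl,
    ], '', '&', PHP_QUERY_RFC3986);

    return 'http://www.facebook.com/dialog/feed?' . $query;
}

$page = 'http://mysite.org/index.php?page=campaign&campaign_id=18';
$url  = share_url(
    $page,
    '/files/campaign/image/originals/18/Sans titre-3.jpg',
    'Some text "Text d\'Text", Text'
);

// The two functions differ only in how they write the space here.
echo urlencode('Sans titre-3.jpg'), "\n";
echo rawurlencode('Sans titre-3.jpg'), "\n";

// HTML-escape the finished URL when writing it into an attribute, so the
// '&' separators and any quotes cannot end the href early.
echo '<a href="', htmlspecialchars($url, ENT_QUOTES, 'UTF-8'), '">Share</a>', "\n";
```

Inside the picture value the file name appears as Sans%2520titre-3.jpg: one decode by the receiver gives back the %20 form that the image server needs.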

Related

What is the point of rawurldecode() and urldecode() when the browser apparently does it automatically?

I can't tell you how many hours of my life I've wasted on these kinds of idiotic errors.
I'm basically constructing a URL such as: https://example.com/?test=' . urlencode('meow+foo#gmail.com');
Then, I display it from the URL, like this: echo urldecode($_GET['test']);
And then it shows: meow foo#gmail.com.
Ugh.
If I instead do this: echo $_GET['test'];
I get: meow+foo#gmail.com.
(Naturally, echoing a GET variable like that is insanity, so I would of course do htmlspecialchars around it in reality. But that's not the point I'm making here.)
So, since browsers (or something) are clearly making this "translation" or "decoding" automatically, doing it again messes it up by removing certain characters, in this case the "+" (plus). Which leads me to believe that I'm not supposed to use urldecode/rawurldecode at all.
But then why do they exist?
So when would one ever want to use them?
I recently had a case where we added triggers to an S3 bucket which were being picked up by a Lambda function and sent via an HTTP request to an API endpoint.
If the path of the file on S3 was multiword, it would replace the space with a + at which point it would break our code because technically the path is incorrect.
Once you run it through urldecode it becomes a valid path because as per the docs:
Decodes any %## encoding in the given string. Plus symbols ('+') are decoded to a space character.
That would be a valid use case for this function as no browser is involved. Just background processes/requests.
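An added example, not from the original posts: PHP decodes the query string once before filling $_GET, so a second urldecode() changes the data, whereas a value that arrives still encoded inside a message body (as in the S3 case) has to be decoded once by your own code. parse_str() stands in for the request layer here, and all input values, including the event key, are constructed samples.

```php
<?php
// Added example; all input values are constructed samples.

/** Simulate one request: encode a value, then decode it the way PHP fills $_GET. */
function through_query_string(string $value): string
{
    parse_str('test=' . urlencode($value), $get);
    return $get['test'];
}

$samples = ['meow+foo#gmail.com', '100%25 done', 'docs%2Fnotes.txt'];

foreach ($samples as $original) {
    $received = through_query_string($original);   // decoded once by PHP
    $again    = urldecode($received);               // the redundant decode

    printf(
        "sent=%s\n  \$_GET value intact: %s\n  after extra urldecode(): %s\n",
        $original,
        var_export($received === $original, true),
        $again
    );
}

// A value that never passed through PHP's request parsing is different:
// a key read from a JSON message body is still encoded, so decode it once
// here, and validate the decoded form rather than the encoded one.
$event     = json_decode('{"key": "reports/annual+summary.pdf"}', true);
$objectKey = urldecode($event['key']);
echo "object key: $objectKey\n";
```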

Slugs for SEO using PHP - Appending name to end of URL

Something I have noticed on the StackOverflow website:
If you visit the URL of a question on StackOverflow.com:
"https://stackoverflow.com/questions/10721603"
The website adds the name of the question to the end of the URL, so it turns into:
"https://stackoverflow.com/questions/10721603/grid-background-image-using-imagebrush"
This is great, I understand that this makes the URL more meaningful and is probably good as a technique for SEO.
What I wanted to Achieve after seeing this Implementation on StackOverflow
I wish to implement the same thing with my website. I am happy using a header() 301 redirect in order to achieve this, but I am attempting to come up with a tight script that will do the trick.
My Code so Far
Please see it working by clicking here
// Set the title of the page article (This could be from the database). Trimming any spaces either side
$original_name = trim(' How to get file creation & modification date/times in Python with-dash?');
// Replace any characters that are not A-Za-z0-9 or a dash with a space
$replace_strange_characters = preg_replace('/[^\da-z-]/i', " ", $original_name);
// Replace any spaces (or multiple spaces) with a single dash to make it URL friendly
$replace_spaces = preg_replace("/([ ]{1,})/", "-", $replace_strange_characters);
// Remove any leading or trailing dashes (and any run of two or more dashes)
$removed_dashes = preg_replace("/^([\-]{0,})|([\-]{2,})|([\-]{0,})$/", "", $replace_spaces);
// Show the finished name on the screen
print_r($removed_dashes);
The Problem
I have created this code and it works fine by the looks of things, it makes the string URL friendly and readable to the human eye. However, I would like to see if it is possible to simplify or "tighten it up" a bit... as I feel my code is probably overcomplicated.
It is not so much that I want it put onto one line, because I could do that by nesting the functions into one another, but I feel that there might be an overall simpler way of achieving it - I am looking for ideas.
In summary, the code achieves the following:
Removes any "strange" characters and replaces them with a space
Replaces any spaces with a dash to make it URL friendly
Returns a string without any spaces, with words separated with dashes and has no trailing spaces or dashes
String is readable (doesn't contain percentage signs and + symbols like simply using urlencode())
Thanks for your help!
Potential Solutions
I found out whilst writing this article that I am looking for what is known as a URL 'slug' and they are indeed useful for SEO.
I found this library on Google code which appears to work well in the first instance.
There is also a notable question on this on SO which can be found here, which has other examples.
I tried to play with preg like you did. However it gets more and more complicated when you start looking at foreign languages.
What I ended up doing was simply trimming the title, and using urlencode
$url_slug = urlencode($title);
Also I had to add those:
$title = str_replace('/','',$title); //Apache doesn't like this character even encoded
$title = str_replace('\\','',$title); //Apache doesn't like this character even encoded
There are also 3rd party libraries such as: http://cubiq.org/the-perfect-php-clean-url-generator
Indeed, you can do that:
$original_name = ' How to get file creation & modification date/times in Python with-dash?';
$result = preg_replace('~[^a-z0-9]++~i', '-', $original_name);
$result = trim($result, '-');
To deal with other alphabets you can use this pattern instead:
~\P{Xan}++~u
or
~[^\pL\pN]++~u
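An added example (not code from the posts above) that puts the pieces together: a slug function built on the Unicode-aware pattern from the last answer, plus the Stack Overflow-style canonical redirect the question describes. The route layout /questions/{id}/{slug}, the function names and the length limit are assumptions, and the mbstring extension is required; the record is found by its numeric id only, and the redirect target is built from the stored title, never from the requested path.

```php
<?php
// Added example; function names and the URL layout are assumptions.

/** Turn a title into a lowercase, dash-separated slug (Unicode letters kept). */
function make_slug(string $title, int $maxLength = 80): string
{
    // Collapse every run of non-letter, non-digit characters into one dash.
    $slug = preg_replace('~[^\pL\pN]++~u', '-', $title);
    if ($slug === null) {
        return '';   // preg_replace() returns null on invalid UTF-8
    }
    $slug = mb_strtolower(trim($slug, '-'), 'UTF-8');

    // Cut long titles, then trim again in case the cut landed on a dash.
    return trim(mb_substr($slug, 0, $maxLength, 'UTF-8'), '-');
}

/**
 * Return the path to redirect to with a 301, or null when the requested
 * path is already canonical. $title comes from the database row for $id.
 */
function canonical_redirect(string $requestPath, int $id, string $title): ?string
{
    $slug      = make_slug($title);
    $canonical = "/questions/$id" . ($slug === '' ? '' : '/' . rawurlencode($slug));

    return $requestPath === $canonical ? null : $canonical;
}

$title = ' How to get file creation & modification date/times in Python with-dash?';
echo make_slug($title), "\n";

$target = canonical_redirect('/questions/10721603', 10721603, $title);
if ($target !== null) {
    // In a web request: header('Location: ' . $target, true, 301); exit;
    echo "301 -> $target\n";
}
```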

PHP: imagecreatefromjpeg($url) doesn't work if $url contains spaces?

I use a script to get an image from another server and store it in the db, the problem is that when the url has a space in it, the function grabs nothing.
I tried to encode the url and to simply replace all spaces with %20 but with no success.
I'm running out of options, if any of you could give me some ideas would be great!
Thanks!
$thumb = imagecreatefromjpeg('http://www.dummysite.ca/imageone.jpg'); // -> WORKS
$thumb = imagecreatefromjpeg('http://www.dummysite.ca/image one.jpg'); // -> DOESN'T WORK
EDIT: more info: I'm running a CentOS machine, php 5.2.17
EDIT: found the answer, replacing spaces with %20 actually WORKS but I was foolish and only replaced it before the imagecreatefromjpeg call, it turns out getimagesize needs it as well
So for those who will have a similar problem
replacing spaces with %20 actually WORKS but I was foolish and only replaced it before the imagecreatefromjpeg call, it turns out getimagesize needs it as well
I would do everything in my power to keep spaces out of filenames. At whatever point the file enters your server it should be renamed to something with underscores. Personally, for file uploads I rename every file to a combination of timestamp and the uploader's IP address. Grabbing from another server could use the same logic. If you need to save the original filename just save it as a text string associated with the DB entry.

Problem with cyrillic characters in friendly url

Here's the thing. I have friendly urls like
http://site.com/blog/read/мъдростта-на-вековете
http://site.com/blog/read/green-apple
The last segment is actually the friendly title of the blog article. The problem is when I try to pass that segment to the database, the cyrillic fonts turn into something like %D1%8A%D0%B4%D1%80%D0%BE%D1%81%D1%8 and couldn't match the database record. In the address bar in my browser it looks normal (мъдростта-на-вековете) but if I choose 'copy url location' the last segment again turns into these strange characters. I'm using CodeIgniter and everything is set to UTF-8.
Please help! :(
The text is just being encoded to fit the specification for URLs.
Echo out the data to a log to see what you are actually trying to pass to the database.
You should be able to decode it with urldecode.
The above answers are ok, but if you want to use routing with cyrillic it isn't enough. For example if you have http://site.com/блог/статия/мъдростта-на-вековете you will have to do something like this:
In config/routes.php: $route['блог/статия/(:any)'] = "blog/article/$1";
In system/core/URI.php , in the function _explode_segments(), you can change
$val = trim($this->_filter_uri($val));
to
$val = urldecode(trim($this->_filter_uri($val)));
This will solve the above problem plus controllers and functions.
Actually, Firefox is cheating you here: the URL actually is url-encoded, but is shown as if it wasn't. So copy-pasting and retrieving it on the server will have the URL encoded.
(Not sure if other browsers behave in the same way.)
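An added example, not from the original answers: decode the URL segment once, then validate the decoded text before it reaches the database. In the URI.php change above the framework's filter runs on the still-encoded segment, so any character check has to be repeated on the decoded value. The function name, the allow-list, and the $pdo handle and table in the comment are assumptions.

```php
<?php
// Added example; the function name and the allow-list are assumptions.

/**
 * Decode one path segment and accept it only if it is valid UTF-8 made of
 * letters, digits and dashes. Returns null for anything else.
 */
function decode_slug_segment(string $rawSegment): ?string
{
    $decoded = rawurldecode($rawSegment);   // path segments: '+' stays '+'

    if (!mb_check_encoding($decoded, 'UTF-8')) {
        return null;                        // broken or truncated byte sequence
    }
    // Validate the decoded form, after the last decoding step.
    if (preg_match('/^[\pL\pN-]+$/u', $decoded) !== 1) {
        return null;
    }
    return $decoded;
}

// What the server receives for the address-bar text shown in the question.
$raw = rawurlencode('мъдростта-на-вековете');

// The last two segments are constructed samples that must be rejected.
foreach ([$raw, 'green-apple', 'green%2Fapple', '%D1%8A%D0'] as $segment) {
    $slug = decode_slug_segment($segment);
    echo $segment, ' => ', $slug ?? '(rejected)', "\n";
    // An accepted $slug is then bound as a query parameter, for example
    // (hypothetical $pdo handle and table):
    // $stmt = $pdo->prepare('SELECT id FROM posts WHERE slug = ?');
    // $stmt->execute([$slug]);
}
```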

Why mysql is not storing data after "#" character?

I have made a form in which there is a rich text editor, and I am trying to store the data in the database.
Now I have mainly two problems:
1) As soon as the string contains a "#" character (basically when I try to change the color of the font), it does not store the characters after "#", and it does not store the "#" character either.
2) Although I had tried, in JavaScript,
html.replace("\"","'");
but it does not replace the double quotes to single quotes.
We'll need to see some code. My feeling is you're missing some essential escaping step somewhere. In particular:
As soon as the string which contents "#"(basically when i try to change the color of the font) character
Implies to me that you might be sticking strings together into a URL like this:
var url= '/something.php?content='+html;
Naturally if the html contains a # symbol, you've got problems, because in:
http://www.example.com/something.php?content=<div style="color:#123456">
the # begins a fragment identifier called #123456">, like when you put #section on the end of a URL to go to the anchor called section in the HTML file. Fragment identifiers are purely client-side and are not sent to the server, which would see:
http://www.example.com/something.php?content=<div style="color:
However this is far from the only problem with the above. Space, < and = are simply invalid in URLs, and other characters like & will also mess up parameter parsing. To encode an arbitrary string into a query parameter you must use encodeURIComponent:
var url= '/something.php?content='+encodeURIComponent(html);
which will replace # with %35 and similarly for the other out-of-band characters.
However if this is indeed what you're doing, in any case you should not be storing anything to the database in response to a GET request, nor relying on a GET to pass potentially-large content. Use a POST request instead.
It seems that you are doing something very strange with your database code. Can you show the actual code you use for storing the string to database?
# - character is a common way to create a comment. That is everything starting from # to end of line is discarded. However if your code to store to database is correct, that should not matter.
Javascript is not the correct place to handle quote character conversions. The right place for that is on server side.
As you have requested....
I'll try to reply to you... I'll try to mention exactly what I had done...
1) on the client side on the html form page I had written like this..
html = html.trim(); // in html, the data of the rich text editor will come.
document.RTEDemo.action = "submit.php?method='"+ html.replace("\"","'") + "'";
// I did the replace because I thought there was some problem with double quotes.
now on submit.php , my browser url is like this...
http://localhost/nc/submit.php?method='This is very simple recipe.<br><strong style='background-color: #111111; color: #80ff00; font-size: 20px;">To make Bread Buttor you will need</strong><br><br><blockquote><ol><li>bread</li><li>buttor</li></ol></li></blockquote><span style="background-color: #00ff80;">GOOD.</span><br><br><br><blockquote><br></blockquote><br>'
2) on submit.php ........I just write simply this
echo "METHOD : ".$_GET['method'] . "<br><br>";
$method = $_GET['method'];
now my answer of upper part is like this...
METHOD : 'This is very simple recipe.
now i want to store the full detail of URL....but its only storing...
This is very simple recipe.
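An added example, not code from the thread: parse_url() shows where the unencoded '#' cuts the URL, and the last part shows the server side of the POST-based approach recommended above, with the submitted value escaped when it is echoed back. The field name content, the sample markup, and the $pdo handle and table in the comment are constructed.

```php
<?php
// Added example; the markup and the field name 'content' are constructed.

$html = '<strong style="color: #80ff00;">To make bread & butter</strong>';

// 1. Concatenated without encoding, as in the form action above: everything
// from '#' on is a fragment, which the browser never sends to the server.
$broken = 'http://localhost/nc/submit.php?method=' . $html;
var_dump(parse_url($broken, PHP_URL_QUERY), parse_url($broken, PHP_URL_FRAGMENT));

// 2. Encoded as a query value: '#', '&', '<', '"' and spaces are all escaped,
// so the whole string survives the round trip.
$encoded = 'http://localhost/nc/submit.php?method=' . rawurlencode($html);
parse_str((string) parse_url($encoded, PHP_URL_QUERY), $get);
var_dump($get['method'] === $html);

// 3. Server side for a POST form (<form method="post"> with a field named
// 'content'): no URL is involved, so nothing is cut off.
function handle_submission(array $post): string
{
    $content = (string) ($post['content'] ?? '');

    // Store with a bound parameter, e.g. (hypothetical table and $pdo):
    // $pdo->prepare('INSERT INTO recipes (body) VALUES (?)')->execute([$content]);

    // Echoing the value back for inspection must escape it, otherwise the
    // submitted markup runs in the page.
    return 'METHOD : ' . htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
}

echo handle_submission(['content' => $html]), "\n";
```

Rendering the stored text as markup later, rather than as escaped text, needs an allow-list HTML sanitizer on output instead of htmlspecialchars().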
