i have a download.php file which gets and opens files. i have a problem is that files were named using '&' in the file name so i get file not found when trying to access files with '&' in them.
example: download.phpf=one_&_another.pdf
in the download.php file i use get to the the file name ($_GET['f']) the example above throws the error file not found if i change the file name to one_and_another.pdf it works.
Yes renaming would be nice if there wasnt a whole lot of these files named this way.
I need to know how to ignore the fact that '&' doesnt mean im about to pass another var in php.
If you can control the query strings, you need to URL encode the ampersands so they look like this:
download.php?f=one_%26_another.pdf
Then look for $_GET['f'] as usual. Otherwise a literal ampersand & would break $_GET into
{ 'f' => 'one_', '_another.pdf' => '' }
You will probably just need to urlencode() the & properly in your links:
download.php?f=one_%26_another.pdf
Rule number 1 for accepting user input: do not trust it.
Refer to this StackOverflow answer for your solution.
Related
I'm a little unsure of how to word this one but essentially, I want to achieve the following:
http://my.website/?url=http://another.website/?var1=data&var2=moredata&id=119
And for the URL variable to be: http://another.website/?var1=data&var2=moredata&id=119
Naturally, PHP sees var2 and id as new variables. This would be used to pass a full URL from one page to another, however, it poses an issue when the page already has its own variables in the URL!
Any help appreciated!
You need to encode the secondary url which you're putting inside the url variable when you create it. This will ensure it doesn't contain special querystring characters that the receiving website will misunderstand. If the code in my.website is PHP too then the urlencode function (http://php.net/manual/en/function.urlencode.php) is your friend. For example:
urlencode("http://another.website/?var1=data&var2=moredata&id=119")
produces
http%3A%2F%2Fanother.website%2F%3Fvar1%3Ddata%26var2%3Dmoredata%26id%3D119
which will not be misunderstood by the PHP code reading it as containing further separate variables.
I am having trouble googling this, so please bear with me.
I have a code example that is about uploading files and there is the assignment of a temporary file to an array like this:
$postparam['file1'] = '#../res/example.pdf';
I would like to know what the effect of the # character is. I know about error suppression with # but i am confused about the use inside the string.
Thanks.
I found the answer: The example uses cURL and that is why the # is required as a prefix to the filename.
#filename
This will make curl load data from the given file (including any newlines), URL-encode that data and pass it on in the POST.
Source
I've been visiting stackoverflow.com for a long time and always found the solution to my problem. But this time it's different. That's why I'm posting my first question here.
The situation looks like this: My website provides a directory explorer which allows users to download whole directory as a zip file. The problem is I end up with error when I want to download a dir containg special characters in it's name, i.e. 'c++'. I don't want to force users to NOT name their folders with those special chars, so I need a clue on this one. I noticed that the whole problem comes down to GET protocol. I use ajax POST for example to roll out the directory content, but for making a .zip file and downloading it I need GET:
var dir_clicked = $(e.target).attr('path'); //let's say it equals '/c++'
window.location = 'myDownloadSite.php?directory_path='+dir_clicked;
I studied whole track of dir_clicked variable, step by step, and it seems that the variable in adress is sent correctly (I see the correct url in browser) but typing:
echo $_GET['directory_path']
in myDownloadSite.php prints
'/c'
instead of
'/c++'
Why the GET protocol is cutting my pluses?
You can use:
encodeURIComponent() //to get the url then use
decodeURIComponent() //to decode and access ur filename.
Use urlencode() and urldecode() on server side.
Try encoding your URI with encodeURI(url) JavaScript function.
window.location = encodeURI('myDownloadSite.php?directory_path=' + dir_clicked);
Maybe use encodeURIComponent() and then remove all %xx occurrences?
When the information is posted it is encoded with special chars, sounds like you just need to decode them before using the information.
You can use php function urldecode() to decode the folder names before using them...
$_GET[directory_path]=urldecode($_GET[directory_path]);
I'm using cakephp. In my users model I allow ppl to upload a pic. Once it uploads ok I save the url of the pic to $this->data['User']['image_url'] and save it. To upload I use the kind advice given here: http://www.jamesfairhurst.co.uk/posts/view/uploading_files_and_images_with_cakephp
After the upload is done I want to resize the photo so I have a thumbnail. I'm using the advice here: http://bakery.cakephp.org/articles/Perkster/2008/04/12/image-resizer-crop
All is ok, except for the value in $this->data['User']['image_url'] looks like files/photos/userimage.jpg
The upload script I'm using seems to be expecting the urls with backslashes rather than forward ones coz when I run it I get the error
getimagesize(C:\xampp\htdocs\MyNewSite\app\webroot\img\files/photos\$image_name) [function.getimagesize]: failed to open stream:
What can I do to fix this?
The slashes are not the problem, the $image_name is. It's impossible to tell without seeing the code, but you probably are using single quotes when assigning the file name, leading to the variable not getting parsed properly.
Windows accepts both directory separators \ and /, thus the problem must be somewhere else. This is taken from the error message
C:\xampp\htdocs\MyNewSite\app\webroot\img\files/photos\$image_name
I assume, that there is no file $image_name ;) It seems, that you didnt let PHP evaluate the variables when calling getimagesize()
I have a weird problem with $_GET method. I have a php code like this:
$fopen("files/" . $_GET['file'], "r");
When i write file path parameter my self It's run good but when I get the file name from $_GET method it shows me some error like the path is wrong.
What's wrong with it ?
Is there any special encoding for $_GET method to decode it to the right string style. I tried urldecode but it wasn't make any change.
Number one rule is to sanitize your input. Using $_GET like that is just asking for trouble.
Do the right thing. Put the $_GET value into a variable, verify that it is valid input THEN try to open the file.
As said at the bottom:
Try to dump the $_GET with print, print_r or var_dump
Try to sanitize the input
Remove the leading $ in your code (**$**fopen)
Test if file exists in the specified directory with if(is_file($path)
Isn't the problem caused by file extencion or permissions?
There could be more. It also depends on system you use (Win, Unix, Mac..).
Don't EVER use user input without validation, especially not for opening files on the host computer! I cannot overstate just how dangerous this is. What if someone entered a GET string with the value '../../../../../etc/password' into your application?