Space Pirate
Join Date: May 2004
Location: Atlanta
|
I'm working on a website right now and have some top-level page names like these:
Home Advisory Services Project Services Contact About They're pulled from a database that I've created and used as navigation links, with hyphens between the words. I'm using an htaccess file to do a mod-rewrite so that page URLs are shown like this: example.com/home example.com/advisory-services example.com/management-services example.com/contact example.com/about Standard stuff. The rewrite rule uses this: Code:
RewriteRule ^/?([a-zA-Z_0-9\-]+)/?$ index.php?bar=$1 [L] (the contents are escaped inside of '/?' because of the environment)The index.php page checks to see if a value has been passed: Code:
if (isset($_GET['bar'])) {
$foo=$_GET['bar'];
} Each of the previously mentioned links passes this check EXCEPT for the one named "advisory-services". That one is not passed along and gets the warning "No passed variable". If I go into the database and change a letter in that link to something like "advisory-servicef", it works fine. Lots of variations have worked, but whenever I change it back to "advisory-services" it fails. I am supremely confused. And sleepy. g'nite ... |
quote |
Ninja Editor
Join Date: May 2004
Location: Bay Area, CA
|
Do the back-end names have to be in English? "consultorium servicia"
|
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
LOL
I'd rather that they be the same so I don't have to create a translation routine Just to humor you, I replaced "advisory services" with "consultorium servicia" and it worked perfectly! And, just for shits and giggles, I changed an entry farther down in the database to "advisory services" and it balked in the same way documented previously. A new day of trying to suss out what exactly is happening... ... |
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
Oh! Of note: the entries in the database do NOT have hyphens in them - only spaces.
That's something that I'm doing in my code when generating the links. example.com/home example.com/advisory-services example.com/management-services example.com/contact example.com/about ... |
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
Just to close the loop, I figured it out.
I just don't know what I did to figure it out. I hate that, but it is what it is. ... |
quote |
Making sawdust
Join Date: May 2004
Location: Minnesota
|
I just wanted to add, is something like this in your actual code?
Code:
$foo=$_GET['bar']; I hope you're taking steps to validate and escape that data, especially if it goes anywhere near your database. |
quote |
Space Pirate
Join Date: May 2004
Location: Atlanta
|
|
quote |
Making sawdust
Join Date: May 2004
Location: Minnesota
|
Basically, yes. I've been working with Silex and Symfony a lot lately, and its made me rethink everything I thought I knew about php and security. Long story short, never trust data from the client
|
quote |
¡Damned!
Join Date: May 2004
Location: Purgatory
|
[quote=addseo1234;792084]especially if it goes anywhere near your database.
[url=https://www.SPAMMITYSPAM.com/livescore/][color=#D3DAE3]ผลบอล[/color][/url][/quote] ^ First time I've seen them using the background color to hide a spam link. Sneaky! |
quote |
Posting Rules | Navigation |
|
Thread Tools | |