URL not being captured right for my query.....

simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

URL not being captured right for my query.....

Post by simonmlewis »

Code:

$url = $_GET['url'];
if ($url == "http://www.site.co.uk")
{
  echo "<meta http-equiv='Refresh' content='0 ;URL=$url;'>";
}
else
{
  $newstring = substr_replace($url, 'www', 7, 1);
  echo "<meta http-equiv='Refresh' content='0 ;URL=$newstring'>";
}

This is for mobile subdomain use. The person goes to the homepage on their mobile. Takes them to a page for Mobile or Normal.
They click normal and it takes them here.
Since the URL they were at is http://www.site.co.uk then the top query should run and take them back to the homepage of the normal site.
Else, it should take them to the second query, which changes the URL, and replaces the m (http://m.site.co.uk) with the 'www'.

If I echo $url on the page, it shows http://www.site.co.uk, but the query still opts for the second "else" option each time. I cannot see why.

This is the full code:

Code:

if(isset($cookiesite))
{
  $url = $_GET['url'];
  if ($cookiesite == "mobile")
  {
    $newstring = substr_replace($url, 'm', 7, 3);
    echo "<meta http-equiv='Refresh' content='50 ;URL=$newstring'>";
  }

  if ($cookiesite == "normal")
  {
    echo "$url<br/>";
    if ($url == "http://www.site.co.uk") { $point = "normalhome"; }

    if ($point == "normalhome")
    {
      echo "One moment - redirecting to $url<br/>";
      echo "<meta http-equiv='Refresh' content='5 ;URL=http://www.site.co.uk'>";
    }
    else
    {
      $newstring = substr_replace($url, 'www', 7, 1);
      echo "One moment - redirecting to $newstring";
      echo "<meta http-equiv='Refresh' content='5 ;URL=$newstring'>";
    }
  }
}

Even though "pointhome" is "http://www.site.co.uk", it's still using the $newstring version, which is incorrect. Why is it using that?
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.

Re: URL not being captured right for my query.....

Post by simonmlewis »

I fixed it. Missing / at the end of my query.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: URL not being captured right for my query.....

Post by Christopher »

That code looks pretty hackable -- especially since you do not filter/validate $_GET['site']. I would recommend not modifying the domain name, but instead use either "www.site.co.uk" or "m.site.co.uk" as hardcoded domains so no other domain can be injected.
(#10850)

Re: URL not being captured right for my query.....

Post by simonmlewis »

Normally the domain is entirely different. Not just the 'domain' part.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: URL not being captured right for my query.....

Post by Eric! »

That code is insecure and vulnerable to XSS.

Sanitize all user variables before using them (see filter_var)
Verify them (filter_var)
and before echoing them, disable injection by encoding them: htmlentities($url, ENT_QUOTES, "UTF-8")

And why are you still using meta refresh tags to redirect?

Re: URL not being captured right for my query.....

Post by simonmlewis »

Awful thing to admit to but I don't use those!
I use the Escape method. How do I use htmlentities and should I use one for each variable?

I have built in PDO, and got others on back burner for rebuilds, but this ought to be part of that.

Re: URL not being captured right for my query.....

Post by Eric! »

Someone can easily inject a JavaScript attack into your line

Code:

echo "One moment - redirecting to $url<br/>";

They could do things like make a link that would inject porn images or something embarrassing on your site to stealing the user's cookie data.

Changing this to

Code:

echo "One moment - redirecting to ".htmlentities($url, ENT_QUOTES, "UTF-8")."<br/>";

will at least stop that. But there are other games hackers can play with your $url because you are just redirecting to a raw string that could contain anything. And why are you using the meta refreshes?

Re: URL not being captured right for my query.....

Post by simonmlewis »

To be fair to myself, I don't nice use "you are being directed to". That was for testing.

Why not? Is the other option to replace the page better?

Re: URL not being captured right for my query.....

Post by Eric! »

You're using raw user input and assuming it's valid. They could also attack your meta refresh tags just as easily as your echo statement and do the same damage--easy peasy. Always filter/sanitize your user input!

Use the same header method to take them to the correct page as we discussed in the other thread. That way you won't have problems with some browsers ignoring your meta refresh.
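
The advice given in the replies above (hardcoded hosts, filter_var validation, htmlentities on output, a header redirect instead of meta refresh), combined in one added example that is not code from any poster in this thread. The names redirect_target and SITE_HOSTS, and reading the site choice from a cookie called cookiesite, are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Hosts are the two named in the posts.
const SITE_HOSTS = ['normal' => 'www.site.co.uk', 'mobile' => 'm.site.co.uk'];

// Build the redirect target. The host always comes from SITE_HOSTS (hypothetical
// constant); only a checked path and a re-encoded query are taken from the input.
function redirect_target(string $rawUrl, string $site): string
{
    $host = SITE_HOSTS[$site] ?? SITE_HOSTS['normal'];
    $home = "http://$host/";

    // Verify the input is a syntactically valid URL before looking inside it.
    if (filter_var($rawUrl, FILTER_VALIDATE_URL) === false) {
        return $home;
    }
    $parts = parse_url($rawUrl);
    // Accept only http(s) URLs, without credentials, on one of our two hosts.
    if ($parts === false
        || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
        || !in_array(strtolower($parts['host'] ?? ''), SITE_HOSTS, true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return $home;
    }
    // "http://www.site.co.uk" and "http://www.site.co.uk/" give the same result,
    // so a missing trailing slash no longer changes which branch runs.
    $path = $parts['path'] ?? '/';
    if (!preg_match('#^/[A-Za-z0-9/_.\-]*\z#', $path)) {
        $path = '/';
    }
    parse_str($parts['query'] ?? '', $query);
    $qs = $query ? '?' . http_build_query($query) : '';
    return "http://$host$path$qs";
}

if (PHP_SAPI !== 'cli') {
    // Assumption: the site choice is stored in a cookie named "cookiesite".
    $raw  = $_GET['url'] ?? '';
    $site = $_COOKIE['cookiesite'] ?? 'normal';
    $target = redirect_target(is_string($raw) ? $raw : '', is_string($site) ? $site : 'normal');
    header('Location: ' . $target, true, 302);   // real redirect, no meta refresh
    echo 'Redirecting to ' . htmlentities($target, ENT_QUOTES, 'UTF-8');
    exit;
}

// Constructed sample inputs; run with the PHP CLI to see how each one is mapped.
foreach (['http://www.site.co.uk', 'http://m.site.co.uk/news?id=7',
          'http://other.example/', "http://m.site.co.uk/a'><b"] as $u) {
    echo htmlentities($u, ENT_QUOTES, 'UTF-8'), ' => ', redirect_target($u, 'normal'), PHP_EOL;
}
```

Because the host in the output is never taken from the request, a URL pointing at any other domain falls back to the home page of the chosen site.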