Placing URL within URI

[eluser]tommizzle[/eluser]
Hi,

I'm currently trying to place a URL within a URL. (e.g. http://site.com/api/url/http://www.url2.com/format/xml) using Phil Sturgeon's Codeigniter REST Library (https://github.com/philsturgeon/codeigniter-restserver)

I'm aware that I have to encode the URL, which I have done, but now I am getting a 404 error back from the server (rather than CI.) Apparently the "AllowEncodedSlashes On" Apache directive should help me in this spot, but it doesn't seem to be making any impact whatsoever. I've placed it in the httpd.conf like so:

Code:

<VirtualHost *:80>
DocumentRoot /var/www/vhosts/site.com/httpdocs
ServerName site.com

AllowEncodedSlashes On
</VirtualHost>

Then restarted Apache with the "/etc/init.d/httpd restart" command.

I've been trying to solve this issue for days now. I've some people saying that the AllowEncodedSlashes directive works, and some people saying that it's buggy and should be depreciated. I'm wondering if there's an issue with AllowEncodedSlashes and clean URL's working together?

Has anyone else had this issue? Any help is appreciated.

Thanks,

Tom

[eluser]Twisted1919[/eluser]
base64_encode() and base64_decode() plus allow the = (equal) sign in config.php in allowed uri characters section .
This is the key .

[eluser]tommizzle[/eluser]
[quote author="Twisted1919" date="1292006427"]base64_encode() and base64_decode() plus allow the = (equal) sign in config.php in allowed uri characters section .
This is the key .[/quote]

My only worry with this would be that asking people to base64 encode their URL's seems a little bad?

[eluser]Twisted1919[/eluser]
yes it might affect them, but you are he developer, you set the rules.
you can also do something like :

Code:

//  http://site.com/api/url?to=http://www.url2.com/format/xml&allow=yes
public function url()
{
   $url = '';
   if(!empty($_SERVER['QUERY_STRING']))
   {
     parse_str($_SERVER['QUERY_STRING'], $_GET);
     foreach ($_GET as $key=>$val)
     {
       $_GET[$key] = $this->security->xss_clean($val);
       // or [depending on your CI version]
       $_GET[$key] = $this->input->xss_clean($val);
     }
     $url = $this->input->get('to');
   }
   if(empty($url))
   {
      show_error('Please pass a url');
   }
   // continue with what's in the $url var .
   // notice, &allow=yes is used only to avoid codeigniter return a 404 page and you need a second get   variable in order to use the params from $_GET.
        
}

[eluser]tommizzle[/eluser]
[quote author="Twisted1919" date="1292009043"]yes it might affect them, but you are he developer, you set the rules.
you can also do something like :

Code:

//  http://site.com/api/url?to=http://www.url2.com/format/xml&allow=yes
public function url()
{
   $url = '';
   if(!empty($_SERVER['QUERY_STRING']))
   {
     parse_str($_SERVER['QUERY_STRING'], $_GET);
     foreach ($_GET as $key=>$val)
     {
       $_GET[$key] = $this->security->xss_clean($val);
       // or [depending on your CI version]
       $_GET[$key] = $this->input->xss_clean($val);
     }
     $url = $this->input->get('to');
   }
   if(empty($url))
   {
      show_error('Please pass a url');
   }
   // continue with what's in the $url var .
   // notice, &allow=yes is used only to avoid codeigniter return a 404 page and you need a second get   variable in order to use the params from $_GET.
        
}

[/quote]

Haha - I'm aware that I set the rules but that doesn't mean I can ignore my user base!

Thanks for that solution. I'd rather not use $_GET, although if there's no other way round it then I guess I'll have to.

[eluser]Twisted1919[/eluser]
yeah every solution has it's down side.
I think that if i where you i would do something like
http://site.com/api/url/[http://www.url2.com/format/xml]
and allow [ and ] in the permitted uri chars then i would do a str_replace to get the url between the [ ]