Welcome Guest, Not a member yet? Register   Sign In
URL via javascript into CodeIgniter


I ran into a little problem and couldn't really find an answer in this forum. It seems like there has been a closely related issue a year ago, but unfortunately that didn't help me to solve the problem.

I try to do the following. With this piece of javascript I would like to add url and sitename to my application.


(bookmarks is the controller and add the function within the controller)
(Of course java_script should be javascript but I am not allowed to use that word in this forum (or at least it gets automatically removed)

This results in the following URL:


On the receiving end I have this script:
class Bookmarks extends Controller {

function add($url, $name){ //
echo "URL: " . $url ."<br />";
echo "Name: " . $name;

If things were working fine this would display something like:
Quote:URL: http://www.codeigniter.com
Name: CodeIgniter

Instead I get:
Quote:Not Found

The requested URL /collaboration/index.php/bookmarks/add/http://www.codeigniter.com//CodeIgniter - Open source PHP web application framework was not found on this server.

Apache/1.3.33 Server at powerbook.local Port 80

Conclusion, it seems that CodeIgniter decodes the javascript urlencoded before it is told to do so. This results in requesting a URL that doesn't exist. Is there anybody who found a way to work around this?

Thanks, Jochem

PS. I tried to give full information I hope that I succeeded in it. In case you miss something please drop me a note. (I use a recent - last two weeks - download - last two weeks - of CodeIgniter).

[eluser]Phil Sturgeon[/eluser]
I'm betting your trouble comes from lines 503-504 of libraries/Input.php

$str = preg_replace("/&#xu0;([a-z0-9]{3})/i", "&#x\\1;", $str);
        $str = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $str);

This should be disabled in the /config/config.php but perhaps its either on or not working for you.

If you can set:

$config['global_xss_filtering'] = FALSE;

If it is already false, then either comment out the two lines I mentioned in the input library, or include an if saying

$CI =& get_instance();
    if($CI->uri->router->class != 'bookmarks' and $CI->uri->router->method != 'add'):
            $str = preg_replace("/&#xu0;([a-z0-9]{3})/i", "&#x\\1;", $str);
        $str = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $str);

Then this XSS_CLEAN function will only run if its not this page. anyone got a batter idea? >.<

Unfortunately, these suggestions didn't solve the problem.

whenever you have urlencoded slashes then the problem occurs, right?
so if you are calling http://www.yoursite.com/controller/funct...nt%20hello then apache tries to load the file segment/hello and not anymore the controller...
I don´t know how to fix that (so Apache don´t decode it automatically...)
, but there were some postings with that problems (url in segment):

search in the forum for the keywords: segment slash


[eluser]Phil Sturgeon[/eluser]
If you REAAAAAALLY get stressed with it, perhaps enabling good old fashioned query strings will work for you? Then manually recreating the / based segments using some htaccess rules of your own?

Just a thought 8-/

Theme © iAndrew 2016 - Forum software by © MyBB