Login

04-19-2009, 11:13 PM

[eluser]Unknown[/eluser]
I've gotten closer to what I want, but it's still not quite right.

One thing is that I want to allow the passed-in URLs to have GET strings, e.g. if someone's saving a search result or a page from a site whose CMS uses GET strings. So I had to add '?' '=' '&' and '+' to the 'permitted_uri_chars' setting in config.php .

One thing is that the double slashes in e.g. 'http://' get collapsed to a single slash in uri_string, so to have usable URLs the second slash will have to be added back.

This is what I'm doing right now, assuming a URI string of the form '/bookmarks/add_bookmark/My Search/http://www.google.com/search?hl=en&q=search' :

Code:
function add_bookmark()

{

    $uri_string = $this->uri->uri_string();

    preg_match('/\/bookmarks\/add_bookmark\/(.*)\/((http|https|ftp)\:\/(.*))/', $uri_string, $matches);

    $data = Array();

    $data['title'] = $matches[1];

    $data['url'] = $matches[3] . '://' . $matches[4];

    $this->load->view('savebookmark_view', $data);

}

Only the '?' needs to be URI-encoded as ? in order to access the query string of the submitted URL. The forward slashes '/' must NOT be encoded or the page will give you an "Object not found!" error.

$matches[2] holds the URL passed, but with only one slash in 'http://' so it's not really usable.

I think there's probably a security issue with what I'm doing but I don't know enough about web security to find it.