URL via javascript into CodeIgniter

#1
[eluser]Doncqueurs[/eluser]
Hi,

I ran into a little problem and couldn't really find an answer in this forum. It seems like there has been a closely related issue a year ago, but unfortunately that didn't help me to solve the problem.

I try to do the following. With this piece of javascript I would like to add url and sitename to my application.

Quote:java_script:location.href='http://localhost/index.php/bookmarks/add/'+encodeURIComponent(location.href)+'/'+encodeURIComponent(document.title)

(bookmarks is the controller and add the function within the controller)
(Of course java_script should be javascript but I am not allowed to use that word in this forum (or at least it gets automatically removed)

This results in the following URL:

Quote:http://localhost/index.php/bookmarks/add/http://www.codeigniter.com//CodeIgniter%20-%20Open%20source%20PHP%20web%20application%20framework

On the receiving end I have this script:
Quote:<?php
class Bookmarks extends Controller {

function add($url, $name){ //
echo "URL: " . $url ."<br />";
echo "Name: " . $name;
}
}
?&gt;

If things were working fine this would display something like:
Quote:URL: http://www.codeigniter.com
Name: CodeIgniter

Instead I get:
Quote:Not Found

The requested URL /collaboration/index.php/bookmarks/add/http://www.codeigniter.com//CodeIgniter - Open source PHP web application framework was not found on this server.

Apache/1.3.33 Server at powerbook.local Port 80

Conclusion, it seems that CodeIgniter decodes the javascript urlencoded before it is told to do so. This results in requesting a URL that doesn't exist. Is there anybody who found a way to work around this?

Thanks, Jochem

PS. I tried to give full information I hope that I succeeded in it. In case you miss something please drop me a note. (I use a recent - last two weeks - download - last two weeks - of CodeIgniter).

#2
[eluser]Phil Sturgeon[/eluser]
I'm betting your trouble comes from lines 503-504 of libraries/Input.php

Code:
$str = preg_replace("/&#xu0;([a-z0-9]{3})/i", "&#x\\1;", $str);
        $str = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $str);

This should be disabled in the /config/config.php but perhaps its either on or not working for you.

If you can set:

Code:
$config['global_xss_filtering'] = FALSE;

If it is already false, then either comment out the two lines I mentioned in the input library, or include an if saying

Code:
$CI =& get_instance();
    if($CI->uri->router->class != 'bookmarks' and $CI->uri->router->method != 'add'):
            $str = preg_replace("/&#xu0;([a-z0-9]{3})/i", "&#x\\1;", $str);
        $str = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $str);
    endif;

Then this XSS_CLEAN function will only run if its not this page. anyone got a batter idea? >.<

#3
[eluser]Doncqueurs[/eluser]
Unfortunately, these suggestions didn't solve the problem.

#4
[eluser]gunter[/eluser]
whenever you have urlencoded slashes then the problem occurs, right?
so if you are calling http://www.yoursite.com/controller/funct...nt%20hello then apache tries to load the file segment/hello and not anymore the controller...
I don´t know how to fix that (so Apache don´t decode it automatically...)
, but there were some postings with that problems (url in segment):

search in the forum for the keywords: segment slash

http://ellislab.com/forums/viewthread/47842/
http://ellislab.com/forums/viewthread/53931/

#5
[eluser]Phil Sturgeon[/eluser]
If you REAAAAAALLY get stressed with it, perhaps enabling good old fashioned query strings will work for you? Then manually recreating the / based segments using some htaccess rules of your own?

Just a thought 8-/


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.