Redirect not working with string as parameter
#1

[eluser]Unknown[/eluser]
My code looks like so

Code:
class Awesome extends CI_Controller
{
    function test_string()
    {
        // The Base64 text contains '/', '+' and '='; urlencode() turns them into %2F, %2B and %3D.
        $param = urlencode("GgkyUW3k0FfQUEYLumqVsQs/vQ2gtoigdsvRpOqFO+oUwIqBCsudaFBJew+FWSIBI6XnPP6sfwxo3rlb6p8TTQ==");
        redirect("awesome/test_pass_string/".$param);
    }

    function test_pass_string($param)
    {
        echo $param;
    }
}

When I key in "http://localhost/awesome_site/index.php/...est_string" in my browser, it returns '404 Object Not Found'. Please help.
#2

[eluser]davidbehler[/eluser]
Are you sure it even does the redirect? What happens if you replace the redirect with
Code:
echo 123;
? Do you still get the same error or do you see the 123 output?
#3

[eluser]rogierb[/eluser]
It looks like a relative redirect instead of an absolute redirect
Code:
redirect("awesome/test_pass_string/".$param);

will probably do something like redirect to http://localhost/awesome_site/index.php/...ing/{param}

so try something like
Code:
redirect("/awesome/test_pass_string/".$param);
#4

[eluser]Unknown[/eluser]
No luck. I've changed it to

Code:
redirect("/awesome/test_pass_string/".$param);

and still 404.

However, I've tried shortening the 404 url from

Code:
http://localhost/awesome_site/index.php/awesome/test_pass_string/GgkyUW3k0FfQUEYLumqVsQs/vQ2gtoigdsvRpOqFO+oUwIqBCsudaFBJew+FWSIBI6XnPP6sfwxo3rlb6p8TTQ==
***Param value is actually urlencoded but this forum displayed it as normal. No idea how to post urlencoded string here

to

Code:
http://localhost/home_finance/index.php/site/test_pass_string/GgkyUW3k0FfQUEYLumqVsQs

and it works. Does this mean I can't use (%) character in redirect? Or is there another way?


I'm trying to encrypt the value I'm sending since calling something

Code:
awesome/delete_something/2

(2 being the id to delete) will be more prone to abuse than

Code:
awesome/delete_something/GgkyUW3k0FfQUEYLumqVsQs

Thanks.
#5

[eluser]rogierb[/eluser]
I see what you're trying to do, but obfuscating is never good practice. I could easily write a script that tests every possible URI and deletes things from your db. It might take weeks but still...

You can still use
Code:
awesome/delete_something/2

But I would go with post data and test that post data instead of relying on a URL.

For instance I use both:
Code:
awesome/delete_something/2

and

if(isset($_POST['some_id']) && $_POST['some_id'] == $my_segment)
{
    //other checks like csrf, xss etc
}
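
The checks described in post #5, written out as an added example that is not part of the original thread or any poster's code. It is plain PHP rather than CodeIgniter code, and it goes one step beyond the post by also checking that the record belongs to the logged-in user. The function name, the `csrf_token` field, the session layout and the `$records` map are assumptions made for illustration.

```php
<?php
// Added example: authorize_delete(), csrf_token and $records are hypothetical names.

/**
 * Decide whether a delete request may proceed.
 * Returns null when allowed, otherwise a short reason for the refusal.
 */
function authorize_delete(string $method, array $post, string $segment,
                          array $session, array $records): ?string
{
    // State-changing actions must not be reachable through a plain link (GET).
    if ($method !== 'POST') {
        return 'method not allowed';
    }
    // CSRF: constant-time comparison of the posted token with the session token.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return 'bad csrf token';
    }
    // The posted id must be a plain non-negative integer and match the URI segment.
    $id = $post['some_id'] ?? '';
    if (!is_string($id) || !ctype_digit($id) || $id !== $segment) {
        return 'id mismatch';
    }
    // Authorization: the record must exist and belong to the logged-in user.
    // This is the check that makes a guessable id such as "2" harmless.
    $owner = $records[(int) $id] ?? null;
    if ($owner === null || $owner !== ($session['user_id'] ?? null)) {
        return 'not authorized';
    }
    return null;
}

// Constructed sample data: record id => owning user id.
$records = [2 => 10, 3 => 11];
$session = ['user_id' => 10, 'csrf_token' => bin2hex(random_bytes(16))];
$good    = ['some_id' => '2', 'csrf_token' => $session['csrf_token']];

// A GET to the delete URL, a valid POST for the user's own record,
// and a valid POST that targets another user's record.
var_dump(authorize_delete('GET',  $good, '2', $session, $records));
var_dump(authorize_delete('POST', $good, '2', $session, $records));
var_dump(authorize_delete('POST', ['some_id' => '3'] + $good, '3', $session, $records));
```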