up vote 0 down vote favorite
share [g+] share [fb]

when i use an *http://*foo string on my page, i get error.

For example: 

http://www.myadress.com/process.php?url=http://foo

When i cut http:// , it works. What must i do to use http:// on query strings?

i use url like this:

$address = @$_GET['url'];
$source = file_get_contents($url);
//bla bla

it displays 404 error.

No change with encode.

Always redirect to 404 error page. But when i erase http:// , it works. I wonder if it is because of .htaccess file?

here are .htaccess codes (wordpress classic):

RewriteEngine Off
#test
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Use PHP 5.3
Action application/x-hg-php53 /cgi-sys/php53
AddHandler application/x-hg-php53 .php
link|improve this question
53% accept rate
3  
What error do you get? Where are you using that URL? – SLaks Sep 11 '11 at 13:42
1  
what about encoding the url content? like myadress.com/process.php?url=http%3A%2F%2Ffoo – Marek Sebera Sep 11 '11 at 13:43
404 error. Redirect to 404. – Benjamin Sep 11 '11 at 13:44
2  
You're abusing file_get_contents. Never use user-supplied input directly in such functions. – Lekensteyn Sep 11 '11 at 13:48
it is not about abusing file_get_contents. Error is before that. – Benjamin Sep 11 '11 at 14:00
feedback

4 Answers

up vote 0 down vote

If the http seems to be problem try something like this:

some.php?url=[s]something.com

And then use php

$url = str_replace("[s]", "http://", $url);
$source = file_get_contents($url);
link|improve this answer
Didn´t this work or why did someone mark this -1 ? – Olli Sep 11 '11 at 14:27
There's an already-designed solution to this problem (URL escape sequences), that lets you pass the real URL through. Mangling the string like you suggest makes it so that it's only useful after a str_replace. It's an ugly and error-prone solution to the problem. – cHao Sep 11 '11 at 14:30
This resolves but not handy. I am not voter also :) – Benjamin Sep 11 '11 at 14:31
@cHao, there is not already-designed solution for "this" question. – Benjamin Sep 11 '11 at 14:32
1  
@Benjamin if this works, maybe you can use this solution. Actually it´s not very handy, but at least it works! – Olli Sep 11 '11 at 14:37
show 1 more comment
feedback
up vote 0 down vote

You'll need to replace the slashes with %2F, like this:
http://www.myadress.com/process.php?url=http:%2F%2Ffoo
Then PHP will convert it back to http://:
echo $_GET["url"]; // echos http://foo

link|improve this answer
No change with encode. Always redirect to 404 error page. But i erase http:// , it works. I wonder if it is because of .htaccess file? – Benjamin Sep 11 '11 at 13:50
The slashes are fine. It's the colon that's causing issues -- it's a special character in URLs, while slashes really aren't unless they're doubled up right after the first colon. – cHao Sep 11 '11 at 14:25
And no, it's not due to the .htaccess file; there's nothing in there that'd be causing the issue (assuming you posted the whole thing). It might have something to do with your mod_security configuration, though, if escaping the URL doesn't work. – cHao Sep 11 '11 at 15:12
feedback
up vote 4 down vote

Depending on its contents, you may need to encode it with urlencode()

$url = urlencode("http://foo");
echo "http://www.example.com/process.php?url=$url;

// prints 
http://www.example.com/process.php?url=http%3A%2F%2Ffoo
link|improve this answer
feedback
up vote 4 down vote

As with all special characters in URLs, you have to encode them.

link|improve this answer
No change. This works in another server but doesn't work in a server hosted by hostgator. So strange. – Benjamin Sep 11 '11 at 13:59
IIRC HostGator servers come with mod_security or something like that set up. It's possible that it's set up to protect you from yourself, by preventing full URLs from getting passed to scripts. (Some people just include the URL directly. It's a way-too-common vulnerability that allows attackers to run arbitrary code on your server.) – cHao Sep 11 '11 at 14:49
feedback

Your Answer

 
or
required, but never shown

Not the answer you're looking for? Browse other questions tagged or ask your own question.