PHP $_REQUEST data only partially decoded
I am getting the encoded url via querystring. I need to pass it to the next page. When I retrieve it for the first time using $_REQUEST['url'] only slashes are decoded, e.g.:
http://example.com/search~S10?/Xllamas&searchscope=10&SORT=D/Xllamas&searchscope=10&SORT=D&SUBKEY=llamas/51%2C64%2C64%2CB/browse
The PHP docs page for urldecode advises against decoding request data and says it will already be decoded. I need it to be fully decoded, so I can re-encode it without double-encoding some parts, or not decoded at all.
I'm not sure why my experience with this data is incompatible with the php docs. Appreciate any help or pointers besides!
EDIT: Trying to post the relevant code that's scattered about:
url encoded and added to querystring (in html file using smarty template):
<a class="button" href="{$baseurl}search_nojs?searcharg={$searcharg|escape:'url'}&url={$next|escape:'url'}"><span>Next>></span></a>
If this link was followed, I grab the url from the query string (in a php file):
if (array_key_exists('url', $_REQUEST)) {
    $sm->assign("searchurl", $_REQUEST['url']);
}
Then I would like to insert the url back into the query string for the following link (in another html file):
href="{$baseurl}detail?bibid={$res.bibid}&searcharg={$searcharg}{if $searchurl}&searchurl={$searchurl}{/if}"
I also print {$searchurl} directly to the page and get the same result with half the escaping.
Here's another example of a request with data received from $_REQUEST:
originally url encoded in querystring: searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
data obtained from $_REQUEST: searcharg=mammals&searchurl=http://example.com/search~S10?/Xmammals&searchscope=10&SORT=D/Xmammals&searchscope=10&SORT=D&SUBKEY=mammals/51%2C1114%2C1114%2CB/browse
I know this method might sound curious - I am trying to make a mobile display while working with a black box database. Thanks again for any help!
Here's another example request and data retrieved from $_REQUEST:
originally encoded url in querystring: searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
This is double encoding. For example: %252C -> %2C -> ,
So, the moment you encode the url parameter, you enter double encoding. Perhaps you should make sure that before encoding the parameters you decode them until they cannot be decoded any further (aka canonicalization). You can use urldecode in a loop for this.
You should also make sure that when you put the url parameter back into the HTML context (as a link) you also escape it for HTML attributes. Otherwise, you have an XSS vulnerability.
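An added example, not code from the question or from the answer above: one way to apply the two steps that answer describes, decoding to a fixed point and then encoding once for the query string and once for the HTML attribute. The helper names `canonicalize_url_param` and `build_detail_href`, the pass limit, the `/` base URL and the bibid are assumptions; `rawurldecode` is swapped in for the `urldecode` the answer names so that a literal `+` survives the extra passes.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: percent-decode until the value stops changing.
// $maxPasses bounds the work an attacker-chosen nesting depth can cause.
function canonicalize_url_param(string $value, int $maxPasses = 5): string
{
    for ($pass = 0; $pass <= $maxPasses; $pass++) {
        // rawurldecode() is used instead of urldecode() so that a literal
        // "+" is not turned into a space on the extra passes.
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            return $value; // fixed point reached
        }
        $value = $decoded;
    }
    throw new InvalidArgumentException("encoded more than {$maxPasses} times");
}

// Hypothetical helper: build the detail link from the page's parameters.
function build_detail_href(string $baseurl, string $bibid, string $searcharg, string $searchurl): string
{
    // Encode each value exactly once (rawurlencode rules via RFC 3986 mode).
    $query = http_build_query([
        'bibid'     => $bibid,
        'searcharg' => $searcharg,
        'searchurl' => canonicalize_url_param($searchurl),
    ], '', '&', PHP_QUERY_RFC3986);

    // Escape for the HTML attribute context last, so "&" becomes "&amp;"
    // and quotes cannot close the href attribute.
    return htmlspecialchars($baseurl . 'detail?' . $query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: the value the question reports receiving from $_REQUEST.
$received = 'http://example.com/search~S10?/Xmammals&searchscope=10&SORT=D'
          . '/Xmammals&searchscope=10&SORT=D&SUBKEY=mammals/51%2C1114%2C1114%2CB/browse';

// '12345' is a placeholder bibid; the quoted search term is constructed.
$href = build_detail_href('/', '12345', 'mammals "and" llamas', $received);
echo '<a class="button" href="' . $href . '">Detail</a>', PHP_EOL;
```

Decoding to a fixed point also decodes escapes that belong to the target URL itself, so the `%2C` in the question's example reaches the next page as a literal comma.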
The comma (U+002C) is a reserved character in the query and therefore must be encoded with %2C:
3.4. Query component
The query component is a string of information to be interpreted by the resource.
query = *uric
Within a query component, the characters ";", "/", "?", ":", "@", "&", "=", "+", ",", and "$" are reserved.