如何安全地将带有URL作为参数的文本传递给CodeIgniter控制器?
[英]How to pass safely text with URLs as a parameter to a CodeIgniter controller?
问题描述
I'm trying to send from JavaScript, by using jQuery, via AJAX, a string that might contain one or more URL's. 
我试图通过jQuery通过AJAX从JavaScript发送,该字符串可能包含一个或多个URL。
That text will be recieved by a CodeIgniter controller. 该文本将由CodeIgniter控制器接收。
I'm having some errors. 我有一些错误。 Sometimes it's a 404 error or other times is a 406 error depending on the way I send the data. 有时是404错误,有时是406错误,具体取决于我发送数据的方式。
Right now I send it like this: 现在,我将其发送为:
var dsPost = encodeURIComponent(base64_encode(postContent));
$.ajax({
url: "/posts/createTextPost/" + dsPost,
type: "POST",
data: "userIdWall" + "=" + userIdWall,
success: function(data, textStatus, jqXHR) {
},
error: function (jqXHR, textStatus, errorThrown) {
}
});
The base64_encode fn is the phpjs implementation. base64_encode fn是phpjs实现。
In the CI controller I do this: 在CI控制器中,我这样做:
public function createTextPost($dsPost) {
$dsPost = base64_decode(urldecode($dsPost));
}
The thing is, the data can be saved to the database but I can't understand why the 404 error. 关键是,数据可以保存到数据库,但我不明白为什么会出现404错误。
Any ideas? 有任何想法吗?
Thanks. 谢谢。
4 个解决方案
解决方案1
0 2014-08-20 05:40:17
base64_encode() function sometimes add / in encoded string so the Codeigniter action method behaving like second paramameter base64_encode()函数有时添加/在编码的字符串,因此Codeigniter动作方法表现得像second paramameter
In case Encoded String like: qwqw221@1223/dds*(ewfd)
than issue with ci 比ci问题
string part after "/" char behaving like 2 nd param
'*' is not allowed char
So you should use GET query string instead of CI param 因此,您应该使用GET查询字符串而不是CI参数
Like 喜欢
url: "/posts/createTextPost/?crypt=" + dsPost
And get query sting in CI controller action 并在CI控制器操作中获取查询字符串
public function createTextPost() {
$dsPost = base64_decode(urldecode($this->input->get("crypt")));
}
解决方案2
0 2014-08-20 05:40:19
I would recommend to add the dsPost to your data in the AJAX call, instead of adding it as a parameter to the url: 我建议将dsPost添加到AJAX调用中的数据中,而不是将其作为参数添加到url中:
$.ajax({
url: "/posts/createTextPost/",
type: "POST",
data: { "dsPost": dsPost, "userIdWall", userIdWall },
success: function(data, textStatus, jqXHR) {
// Yippie!
},
error: function (jqXHR, textStatus, errorThrown) {
// Bhuhuhu....
}
});
...and then update your CI controller to work with the posted object instead of the input parameter: ...然后更新您的CI控制器以使用发布的对象而不是输入参数:
public function createTextPost() {
$dsPost = base64_decode( urldecode( $this->input->post('dsPost') ) );
userIdWall = $this->input->post('userIdWall');
}
解决方案3
0 2014-08-20 05:56:09
You have to send the content through ajax data like below. 您必须通过ajax数据发送内容,如下所示。
$.ajax({
//double check your url setting in this way in case you have diffrent setting for index.php then remove the index.php
url: "<?=base_url()?>.index.php/posts/createTextPost/",
type: "POST",
data: {
"dsPost": dsPost,
"userIdWall", userIdWall
},
success: function(data, textStatus, jqXHR) {
},
error: function (jqXHR, textStatus, errorThrown) {
}
});
then in your controller 然后在您的控制器中
public function createTextPost() {
$dsPost = base64_decode( urldecode( $this->input->post('dsPost') ) );
$userIdWall=$this->input->post('userIdWall');
I hope it will help. 希望对您有所帮助。
解决方案4
0 已采纳 2014-08-21 03:09:54
So, thanks for the ideas but the answer can be found here: 因此,感谢您的想法,但可以在这里找到答案:
PHP/Apache Error:406 Not Acceptable PHP / Apache错误:406不可接受
I quote the answer given there: 我引用那里给出的答案:
Your website is generating error if any user input item is starting with either http:// or https:// .
When I try with a link starting with http:// I got a 406 Not Acceptable :
http://onkore.us/?blah=http://www.google.com
It is fine when I try this :
http://onkore.us/?blah=www.google.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.