0

getJSON troubles with some symbols in url

When I try this:

var lics='<?php header("Content-Type:text/javascript;charset=UTF-8","Refresh:0;url=http://example.com/");$arr=array("k"=>array("'+nme+
'"=>array("u"=>"'+gva('PrimaryKey')+'","d"=>"'+gva('SecondKey')+'")));echo $_GET["cb"]."(".json_encode($arr).");";?>',

call=[plist+'&dir=conf&nme='+nme+'.plist&arg=wb',
    lics+'&dir=.lic&nme='+nme+'.lics.php&arg=wb',
    init+'&dir=../&nme=init.'+nme+'.js&arg=wb'],

cjsn=function(c){
  $(c).each(function(i){
    $.getJSON(loc+'/.bin/.utl/com.mkupdate.php?cb=?&bin='+c[i])
    .done(function(){
      if(c===cdel){alert(help[17]);alert(help[18]);
      location.replace('http://'+location.host);
      }
    })
    .fail(function(){fail(i);});
  });
};
cjsn(call);

The callback doesn't work, but when I delete the "<" or ">" symbol from "lics" or the letter "t" from "javascript", the callback works. How can I resolve this?

Aleksov
  • **What does the error say**? Where does it come from? – SLaks Apr 30 '13 at 19:36
  • short answer - the interpreter stops when it encounters ``, regardless of whether it is in a string or not. possible duplicate of [Why split the – jbabey Apr 30 '13 at 19:37
  • @SLaks This request is not sent, and `.fail()` activates – Aleksov Apr 30 '13 at 19:38
  • What do you see in the network tab? – SLaks Apr 30 '13 at 19:45
  • Are you using any kind of XSS protection wherever you are using this? – ars265 Apr 30 '13 at 19:48
  • @ars265 no protection at all – Aleksov Apr 30 '13 at 19:50
  • @Aleksov I don't think this is the issue, but why do you have a second question mark in the query? And can you post the error you are having as shown in your JavaScript console? – ars265 Apr 30 '13 at 19:52
  • @ars265 there are no errors in the console, a simple request is not working – Aleksov Apr 30 '13 at 19:55
  • What do you see in the **network** tab? – SLaks Apr 30 '13 at 20:42
  • @SLaks 403 error in console – Aleksov Apr 30 '13 at 20:46
  • @SLaks GET http://example.com/com.mkupdate.php?cb=jQuery20005069328628014773_1367354984399&bin=%3C?php%20header(%22Content-Type:text/javascript;charset=UTF-8%22,%22Refresh:0;url=http://example.com/%22);$arr=array(%22k%22=%3Earray(%22ptmedia%22=%3Earray(%22u%22=%3E%22%22,%22d%22=%3E%22%22)));echo%20$_GET[%22cb%22].%22(%22.json_encode($arr).%22);%22;?%3E&dir=.lic&nme=ptmedia.lics.php&arg=wb&_=1367354984400 HTTP/1.1 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 t – Aleksov Apr 30 '13 at 20:52

3 Answers

1

Use the structured form of $.getJSON so that the parameters will be URL-encoded properly:

$.getJSON('file.php', {
    cb: '?',
    bin: myvar
}, function(result) { /* handle the JSON response */ });
Barmar
0

You need to URL encode the < to %3C and > to %3E. Here is a reference to the characters that need encoding, http://www.w3schools.com/tags/ref_urlencode.asp.

See this post for how to encode in javascript.

Community
ars265
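
The following is an added example, not part of either answer above: it builds the request from the question both ways and parses the URL back, to show what the encoding recommended by Barmar and ars265 preserves. `com.mkupdate.php` and the parameter names come from the question; the payload and the file name `x.lics.php` are constructed.

```javascript
// Added example: query-string handling for the request in the question.
// com.mkupdate.php and the parameter names come from the question;
// the payload and the file name 'x.lics.php' are constructed.
const ENDPOINT = 'com.mkupdate.php';
const SAMPLE_BIN = '<?php echo "1+1&2"; # done ?>';

// Raw concatenation, as in the question: the value goes into the URL as-is.
function buildRaw(bin, nme) {
  return ENDPOINT + '?cb=?&bin=' + bin + '&dir=.lic&nme=' + nme + '&arg=wb';
}

// Encoded: each value is percent-encoded before the pairs are joined.
// jQuery percent-encodes the values itself when $.getJSON is given a data object.
function buildEncoded(bin, nme) {
  const q = new URLSearchParams({ bin: bin, dir: '.lic', nme: nme, arg: 'wb' });
  return ENDPOINT + '?' + q.toString();
}

// Recover the parameters the way a standards-based query parser would.
function parseQuery(url) {
  const u = new URL(url, 'http://example.com/');
  return Object.fromEntries(u.searchParams.entries());
}

const raw = parseQuery(buildRaw(SAMPLE_BIN, 'x.lics.php'));
const enc = parseQuery(buildEncoded(SAMPLE_BIN, 'x.lics.php'));

console.log('raw bin     :', JSON.stringify(raw.bin)); // cut at '&', '+' read as a space
console.log('raw dir     :', raw.dir);                 // lost: everything after '#' is a fragment
console.log('encoded bin :', JSON.stringify(enc.bin)); // identical to SAMPLE_BIN
console.log('encoded dir :', enc.dir);
```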
0

Your server is sending an HTTP 403 Forbidden response.
You need to fix the server-side code so that it doesn't do that.

SLaks