1

I have a php file which doesn't establish database connection.

When I pass an url as a param like 

 http://mydomain.com?q=http%3A%2F%2Fmyoranotherdomain.com

It shows a 403 error: 

 You don't have permision to access blahblah.php file.

And when I remove the http part in param, it's alright like

 http://mydomain.com?q=myoranotherdomain.com

How can I let domains be passed in the url as params?

DominikAngerer
  • 6,354
  • 5
  • 33
  • 60
Sfgewrgrfg Wgwrgwrg
  • 23
  • 1
  • 6

1 Answers1

0

The easiest way is to encode the url with:

string urlencode ( string $str )

http://php.net/manual/en/function.urlencode.php

You also have to do the decode:

string urldecode ( string $str )

http://php.net/manual/en/function.urldecode.php

It's always this methode to encode parameter with special characters.

Final Solution:

I found this: I get a 403 error when submitting "http://www." via GET. Even if it's encoded beforehand. Is there a solution for this?

The answer is to replace the http://www String with something like: htpwwwashere in javascript and replace it again in your php. The reason - according to the link above - is some security stuff like to prevent injection attacks on the pages they're serving up.

Community
  • 1
  • 1
DominikAngerer
  • 6,354
  • 5
  • 33
  • 60
  • Is there a difference between this method and encoding URL with JS? I use JavaScript to encode params – Sfgewrgrfg Wgwrgwrg May 12 '13 at 21:34
  • Maybe - What is the JS behinde your encoding – DominikAngerer May 12 '13 at 21:35
  • isn't my example link already encoded? or am I missing something? @Bart I already use it. I thought the problem maybe caused by httaccess configurations on the server – Sfgewrgrfg Wgwrgwrg May 12 '13 at 21:38
  • You did the encoding fine - but did you decode the parameter before you use it? – DominikAngerer May 12 '13 at 21:41
  • Of course I do. There's nothing wrong with special character encoding and decoding. Theproblem is only http in the param. I think it's a serverside security or something... – Sfgewrgrfg Wgwrgwrg May 12 '13 at 21:44
  • it's set 644 and I checked both 664 and 666. Doesn't help – Sfgewrgrfg Wgwrgwrg May 12 '13 at 21:47
  • I found something EXACTLY for you: http://stackoverflow.com/questions/6481870/i-get-a-403-error-when-submitting-http-www-via-get-even-if-its-encoded-be?rq=1 The answer is to replace the `http://www` String with something like `htpwwwashere` in javascript and replace it again in your php. The reason - according to the link above - is some security stuff like to prevent injection attacks on the pages they're serving up. – DominikAngerer May 12 '13 at 21:49
  • Thank you. I'll try it. If it doesn't help, I'll talk to my host provider :) – Sfgewrgrfg Wgwrgwrg May 12 '13 at 21:57