How to pass safely text with URLs as a parameter to a CodeIgniter controller?

Question

I'm trying to send from JavaScript, by using jQuery, via AJAX, a string that might contain one or more URL's.

That text will be recieved by a CodeIgniter controller.

I'm having some errors. Sometimes it's a 404 error or other times is a 406 error depending on the way I send the data.

Right now I send it like this:

var dsPost = encodeURIComponent(base64_encode(postContent));

$.ajax({
    url: "/posts/createTextPost/" + dsPost,
    type: "POST",
    data: "userIdWall" + "=" + userIdWall,
    success: function(data, textStatus, jqXHR) {

    },
    error: function (jqXHR, textStatus, errorThrown) {

    }
});

The base64_encode fn is the phpjs implementation.

In the CI controller I do this:

public function createTextPost($dsPost) {
    $dsPost = base64_decode(urldecode($dsPost));
}

The thing is, the data can be saved to the database but I can't understand why the 404 error.

Any ideas?

Thanks.

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

base64_encode() function sometimes add / in encoded string so the Codeigniter action method behaving like second paramameter

In case Encoded String like: qwqw221@1223/dds*(ewfd)

than issue with ci

string part after "/" char behaving like 2^nd param

'*' is not allowed char

So you should use GET query string instead of CI param

Like

url: "/posts/createTextPost/?crypt=" + dsPost

And get query sting in CI controller action

public function createTextPost() {
     $dsPost = base64_decode(urldecode($this->input->get("crypt")));
}

score 0 · Answer 2 · answered Aug 20 '14 at 05:40

0

I would recommend to add the dsPost to your data in the AJAX call, instead of adding it as a parameter to the url:

$.ajax({
    url: "/posts/createTextPost/",
    type: "POST",
    data: { "dsPost": dsPost, "userIdWall", userIdWall },
    success: function(data, textStatus, jqXHR) {
      // Yippie!
    },
    error: function (jqXHR, textStatus, errorThrown) {
      // Bhuhuhu....
    }
});

...and then update your CI controller to work with the posted object instead of the input parameter:

public function createTextPost() {
  $dsPost = base64_decode( urldecode( $this->input->post('dsPost') ) );
  userIdWall = $this->input->post('userIdWall');
}

answered Aug 20 '14 at 05:40

Carl-Martin Hellberg

106
5

Hey hey! I did it that way but then I get a 406 error. Any ideas? Thanks! – Ñoñostacio Trollen Aug 20 '14 at 11:54
I will give it a try and let you know, thanks for the advice! – Ñoñostacio Trollen Aug 20 '14 at 23:06
Btw... Based on the example script you provided it looks like you are posting the AJAX to the same domain, right? If you're posting the data to another domain, you will run into the "origin not allowed" issue. If that's the case, you better use the GET method instead of POST. – Carl-Martin Hellberg Aug 21 '14 at 14:10
Not actually, same domain, but it seems like the problem was that the server, in this case hosted by godaddy has some apache restrictions that triggers a 406 error when you send via get or post to a controller something that has a http:// or https:// so the solution was to use a string replace function to replace all the http:// and all the https:// occurrences for a "normal" string and replace it back into the server side. – Ñoñostacio Trollen Aug 21 '14 at 17:38

score 0 · Answer 3 · answered Aug 20 '14 at 05:56

You have to send the content through ajax data like below.

$.ajax({
//double check your url setting in this way in case you have diffrent setting for index.php      then remove the index.php
url: "<?=base_url()?>.index.php/posts/createTextPost/",

type: "POST",
data: { 
       "dsPost": dsPost, 
       "userIdWall", userIdWall 
},
success: function(data, textStatus, jqXHR) {

},
error: function (jqXHR, textStatus, errorThrown) {

}
});

then in your controller

public function createTextPost() {
$dsPost = base64_decode( urldecode( $this->input->post('dsPost') ) );
$userIdWall=$this->input->post('userIdWall');

I hope it will help.

Hey there! I did it like that but I get a 406 error. Don't know what's causing it. Any ideas? Thanks! — Ñoñostacio Trollen, Aug 20 '14 at 11:55
plz check your url setting url: window.location.origin+'/posts/createTextPost', — Uzi Balooch, Aug 20 '14 at 12:16

score 0 · Accepted Answer · edited May 23 '17 at 12:29

So, thanks for the ideas but the answer can be found here:

PHP/Apache Error:406 Not Acceptable

I quote the answer given there:

Your website is generating error if any user input item is starting with either http:// or https:// .

When I try with a link starting with http:// I got a 406 Not Acceptable :

http://onkore.us/?blah=http://www.google.com

It is fine when I try this :

http://onkore.us/?blah=www.google.com

How to pass safely text with URLs as a parameter to a CodeIgniter controller?

4 Answers4