0

I have a PHP script located at http://localhost/dir1/dir2/shift.php that I am passing urls as parameters to like so: http://localhost/dir1/dir2/https://google.com but I am getting a Forbidden you don't have access error. When I remove the : it works fine though. I have checked my regex with some online regex validation tools and it says that it should be working but it doesn't

RewriteEngine on
RewriteRule ^dir1\/dir2\/([A-Za-z0-9\!\@\#\$\%\^\&\*\(\)\_\-\+\=\{\}\[\]\;\:\'\"\<\,\>\.\?\|\~\`\s\/\\]+)\/?  dir1\/dir2\/shift.php?url=$1 [L]

Any help would be great. Thanks!

bigbluehouse
  • 45
  • 2
  • 11
  • 2
    That pattern is using some \u\n\n\e\c\e\s\s\a\r\y \e\s\c\a\p\i\n\g in the character class. – mickmackusa Jul 13 '18 at 22:19
  • You can use something like regex101 to doublecheck the regex? Looks overly complicated to me though. – Liam Sorsby Jul 13 '18 at 22:21
  • Be careful of reserved characters. https://stackoverflow.com/q/1547899/2943403 urls have rules -- not just which characters can be used, but _where_ they can be used. Your desired url seems _weird_ to me. – mickmackusa Jul 13 '18 at 22:23
  • This is my first time really dealing with regex so I'm still learning. I did try regex101 and it said its valid. Basically I am trying just to pass everything after `dir1/dir2/` as a parameter to shift.php. The PHP script will handle validating the url. – bigbluehouse Jul 13 '18 at 22:30
  • `:` can lead to errors in url2filesystem mapping as forbidden symbol. This should work in non-directory context. – Deadooshka Jul 13 '18 at 22:55

1 Answers1

0

You should not use reserved characters in URL.

Though you can URL encode and then pass it as a parameter. For example:

http://localhost/dir1/dir2/shift.php?
param=http%3A%2F%2Flocalhost%2Fdir1%2Fdir2%2Fhttps%3A%2F%2Fgoogle.com

And then in shift.php you can first URL decode the parameter and then use.

Aman Chhabra
  • 3,824
  • 1
  • 23
  • 39