| SitePoint Sponsor |
|
|
User Tag List
Results 1 to 3 of 3
-
Jun 2, 2009, 16:28 #1SitePoint Enthusiast
- Join Date
- Mar 2007
- Posts
- 83
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Checking a location encode is safe
I've created two functions to use on a site that uses a "send to" variable (like you go to a logged in only page, which sends you to the log in page with a get variable of whatever that other page, so when you log in it sends you to the original page).
But i want to create a function that will validate the 'sendto' value as safe.PHP Code:/**
* Encodes page and uri query information
*
* page_encode('search', array('key' => 'value', 'foo' => 'bar')) will return "search/key:value/foo:bar"
*
* @param string $page
* @param array $arguements
* @return string
*/
function page_encode ($page, $arguements = array())
{
$array = array();
$array[] = $page;
if (!empty($arguements))
{
foreach ($arguements as $k => $v)
{
$array[] = $k.':'.$v;
}
}
return urlencode(implode('/', $array));
}
/**
* Decondes page and uri query information to a usable location
*
* page_decode('search/key:value/foo:bar') will return "search.php?key=value&foo=bar"
*
* @param string $page
* @return string
*/
function page_decode ($page)
{
$part = explode('/', $page);
$parts = count($part);
$link = $part[0].'.php';
if ($parts > 1)
{
$link .= '?';
$arguements = array();
for ($i = 1; $i < $parts; $i++)
{
$split = explode(':', $part[$i]);
$arguements[] = $split[0].'='.$split[1];
}
$link .= implode('&', $arguements);
}
return $link;
}
Not sure which way to go about it ? What's most effective ?
If it's with regular expressions i'm completely useless at them.
Would it be effective and just as fast to explode the whole thing and check each part bit by bit than to create one complex regular expression for it ?
Basicly i want to make sure there's no domain for anything on the page bit, and no file extention, then no dodgy stuff in the rest, and that it's all formed properly etc.
thanks ! : )
PS if you have any tips on improving the encode / decode functions that'd be wonderful ! ^^Last edited by WakeMeWithAKiss; Jun 2, 2009 at 16:29. Reason: typo
-
Jun 2, 2009, 16:47 #2¬.¬ shoooo...
- Join Date
- Oct 2005
- Location
- CA
- Posts
- 9,013
- Mentioned
- 8 Post(s)
- Tagged
- 0 Thread(s)
I haven't tried these just yet, but I'm confident they function as expected.
As for validation, well that depends on the what characters you want to allow.PHP Code:function page_encode ( $page, $args = array() )
{
$args = http_build_query( $args, 'flag_', '/' );
$args = str_repeat( '=', ':', $args );
return "$page/$args";
}
function page_decode ( $page )
{
list( $page, $args ) = explode( '/', $page, 2 );
$args = str_replace( array( '/', ':' ), array( '&', '=' ), $args );
return "$page.php?$args";
}
-
Jun 3, 2009, 05:07 #3SitePoint Enthusiast
- Join Date
- Mar 2007
- Posts
- 83
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Much simpler way of doing it than mine, thanks :P
Well i want to block any links on the page side mainly as it's going to be used in the code as:
And i just want the rest to be anything normally allowed in the query part of the URI.PHP Code:header('Location: '.page_decode($string));
Anything else i'd need for security sake ?
Bookmarks