mmasquith
Participating Frequently
June 14, 2010
Question

PHP "restrict access to page" behavior oddity - extra "/" in URL

  • June 14, 2010
  • 1 reply
  • 3912 views

I have a page with the 'Restrict Access to Page' behavior applied.

The URL that is created is like: "http://domain.com/login.php?accesscheck=%2Fprojects.php"

The %2F in front of projects.php is somehow causing the URL that shows in the browser address area to be login.php instead of projects.php after I enter the correct username and password and the browser navigates to projects.php. So you end up on the correct page, projects.php, but in your browser's address area, it shows login.php.

If I manually remove the %2F, making the accesscheck URL: "http://domain.com/login.php?accesscheck=projects.php", refresh, and put in the correct username and password, it navigates to the correct destination, projects.php, and the correct URL displays in the browser address area.

The %2F slash seems to come out of this section of code:

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}

...specifically, $QUERY_STRING. It seems to have an initial "/" character, even though nothing I've coded uses it. When the DW behavior code creates $MM_referrer, and then applies urlencode(), the / gets converted to %2F.
So I'm mystified as to where this extra / comes from in $QUERY_STRING, and why it keeps the URL in the browser from correctly showing the page it navigated to (projects.php).

This topic has been closed for replies.

1 reply

David_Powers
Inspiring
June 14, 2010

Don't know which version of Dreamweaver you're using, but $QUERY_STRING is deprecated code. Replace all instances with $_SERVER['QUERY_STRING'].

mmasquith (Author)
Participating Frequently
June 15, 2010

Thanks, David.

I'm using CS4.

I saw a post on a related topic also say to use $_SERVER['QUERY_STRING'], and have replaced all instances, but unfortunately, the problem remains.

Considering that $_SERVER['QUERY_STRING'] gets its value from the server (yes?), there's probably not a lot that Dreamweaver can do to control it. I don't see anywhere in the chain of Dreamweaver code that would cause this; it is more likely to be a server issue.

That being said, and you being a seasoned professional, can you think of any reason or known setting a server would have to do this?

To me, the seemingly arbitrary prepending of a / character, even if technically correct from a path perspective, seems strange. I have not run into this behavior before. I'm also still bewildered as to why the browser doesn't show the correct URL for the page being displayed. You end up looking at the projects.php page, but have the login.php URL in the address area. This happens in all my test browsers... Safari, Opera, Firefox, Chrome, all on Mac OSX 10.6.

I think I'll have to write some custom code to detect and remove the /.

mmasquith (Author)
Participating Frequently
June 15, 2010

The leading slash comes from this line:

$MM_referrer = $_SERVER['PHP_SELF'];

This correctly redirects the user to the referring page when used on a live server or in a virtual host. Presumably, you're testing in a subfolder of localhost, which is why it doesn't work.

$_SERVER['PHP_SELF'] produces a site-root-relative path, such as /products/widgets.php.


Interesting.

Actually, no, I'm testing on a live server (from a hosting company I've never used before).

I made a page to view phpinfo(), and it reports

_SERVER["PHP_SELF"]    /phpinfo.php

... so that test page proves your point, the leading slash comes from PHP_SELF.

I'm still unclear as to why this leaves the browsers in the weird state of displaying the correct destination page, but having the URL for the login page in the address field. Shouldn't having the destination as "/projects.php" or "projects.php" be the same? All this is in the site root.

I'm thinking I should probably put this question to the hosting company. Sadly their responsiveness is not so good thus far.

In the meantime, I'll try writing some code to pull out that slash.

EDIT: This seems to work:

  // === 0 matches only a leading slash; == 0 would also be true when strpos() returns false
  if (strpos($MM_referrer, "/") === 0) $MM_referrer = ltrim($MM_referrer, "/");

I certainly appreciate your help!

Message was edited by: mmasquith
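
Added example, not part of the original thread and not Dreamweaver's generated code: the accesscheck round trip discussed above, using $_SERVER['QUERY_STRING'] on the restricted page and, on the login page, normalising the decoded value to a site-root-relative path instead of stripping the slash. The function names build_login_redirect and safe_return_path, the /index.php fallback and the sample values are assumptions, and the sketch assumes login.php sits in the site root.

```php
<?php
// Added example; function names and sample values are hypothetical.

// Restricted page: build the login redirect from the current request.
function build_login_redirect(string $loginPage, array $server): string
{
    $referrer = $server['PHP_SELF'];           // site-root-relative, e.g. /projects.php
    if (!empty($server['QUERY_STRING'])) {     // not the deprecated $QUERY_STRING global
        $referrer .= '?' . $server['QUERY_STRING'];
    }
    $qsChar = (strpos($loginPage, '?') !== false) ? '&' : '?';
    return $loginPage . $qsChar . 'accesscheck=' . urlencode($referrer);
}

// Login page: accesscheck arrives in the query string, so it is caller-supplied.
// Accept it only as a path on this site; anything else falls back to $default.
function safe_return_path(?string $accesscheck, string $default = '/index.php'): string
{
    if ($accesscheck === null || $accesscheck === '') {
        return $default;
    }
    // Control characters or backslashes never belong in a redirect target.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $accesscheck)) {
        return $default;
    }
    // A scheme ("http:") or a "//host" prefix means it is not a local path.
    if (preg_match('#^([a-z][a-z0-9+.-]*:|//)#i', $accesscheck)) {
        return $default;
    }
    // "projects.php" and "/projects.php" normalise to the same root-relative path.
    return '/' . ltrim($accesscheck, '/');
}

// Constructed request values for illustration.
$server = ['PHP_SELF' => '/projects.php', 'QUERY_STRING' => 'id=7'];
$redirect = build_login_redirect('login.php', $server);
echo $redirect, "\n";

// What the login page sees: PHP decodes %2F back to "/" when it fills $_GET.
parse_str(parse_url($redirect, PHP_URL_QUERY), $get);
echo $get['accesscheck'], "\n";

foreach (['/projects.php', 'projects.php', 'http://other.example/'] as $value) {
    echo $value, ' => ', safe_return_path($value), "\n";
}
```

On a real login page the result would be passed to header("Location: ...") after a successful login, with $_GET['accesscheck'] as the input.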