allow_url_include is there a way to allow includes from just one Url. maybe with Htaccess or in the PHP?
No. To fetch the contents of a URL, use file_get_contents(). Then, to send the result back to the waiting browser, just use echo().
$contents = file_get_contents('http://www.example.com/');
echo( $contents );
The above will require that you set config allow_url_fopen=1 (which is already set by default).
If you were to use include, instead of the approach I've shown above, there would be one major difference: include also executes any PHP code it finds inside the fetched document. In general, this is a really dangerous thing to allow unless you know that you control 100% of the contents of the document being included.
That said: if you do want code that works exactly like include, you can do something like the following (which is safer because it only fetches a single URL, and it doesn't require you to enable allow_url_include).
$contents = file_get_contents('http://www.example.com/');
eval('?>'.$contents);
If you choose do this, be certain that you control the full contents of the remote URL. If someone else controls that file, they will be able to execute arbitrary code on your server. Don't let that happen.
Well why you need that, you have control over the code, you can just use one url in while including. Beside using allow_url_include is very dangerous. If you still want to use, you can do it this way.
Make a custom function (A rough code)
function url_include($url){
//now check if $url is the one you want to be included
if($url=="http://www.mysite.com/file.php"){
include($url);
}else{
//show error or something.
}
}
now use this url_include("http://www.mysite.com/file.php"); in your page to include url.
Hope this helps
Related
I have created/recorded a script in Vugen, however the the URL of the site has been changed recently. Is there any way just by replacing the url with a parameter works?
I have tried by replacing url with parameters, the new URL is
http://xsx.xxx.xsx.xxx/test99
Yhe parameters I have tried are below:
NewUrl: http://xsx.xxx.xsx.xxx/
Newhos: test99
I have replaced all in the script and when I run it I get the following error:
Error -27651: Attempted read from an unconnected socket (empty response, no HTTP headers received). URL="http://xsx.xxx.xsx.xxx/scripts/uiServer.dll"
What is the solution for this? Should i record again with the new URL ?
Thanks.
Hope I've understood what you're asking for, so here goes. If it's only the URL that has changed and not the content of the site which you might require later on in your script that this is fairly simple to do.
As you have created the new parameters ensure that they are getting the data from the same DAT file. I.e. newurl.dat which contains the following:
newurl,newhost
http://xsx.xxx.xsx.xxx/,test99
and assign the parameters to the correct column and have the newhost set to sameline as newurl. This way it’s easier to maintain I believe.
Now that the parameters have been created and properly assigned in your script you’ll need to change the url your trying to change from:
http://xsx.xxx.xsx.xxx/oldtest to {newurl}{newhost}
this needs to be done for all instances where the change has occurred.
Hope this helps with your problem you’re having.
Are you certain that the build level has not also changed at the same time as the host? If so then your new instance may be out of synch with the request model of the scripts built using an earlier build. Developers have a habit of including items below the scenes that do affect the site visually but change the structure of the requests. The error you are receiving is common when you attempt to continue a conversation on a dead connection resulting from a missed dynamic session component which may have been added in the last build.
When in doubt quickly record the second site and take a look at the differences in the requests, even to the point of using WinDiff (included in LoadRunner) for this purpose.
I have this site, Basilica, which is based on a WP template.
http://www.bazylikaswidnicka.com/wirtualnie/?pan=pan_szopka
I added some PHP stuff to it and the site apparently gets hurt by that ( seo wise ), especially by the section of virtual tours.There I used the ol' good fashioned PHP, structural in form, to catch what a viewer wants to see.
I would like to be able to change the following address:
http://www.bazylikaswidnicka.com/wirtualnie/?pan=pan_szopka
to:
http://www.bazylikaswidnicka.com/wirtualnie/pan_szopka
yet still be able to catch the value of $pan. How do I do that?
The .htaccess is already in place by default, it changes all the other links, how do I add this trickery to an extra value in the url to make wonders for this small portion of the website, too?
I don't expect you to write a script for me, but if you can give me a little nudge to where I should turn to that would be enough.
As far as I know you can't do this. You would need to provide anything you wish to allow the page to have access to to be in the URL.
If you are talking about simply retrieving the value from the url then you can do something like
$URLPartList = explode('/', $_SERVER['REQUEST_URI']);
$pan = $URLPartList[1];
I'd like to write a script that injects in the compose-page of gmail.
So far I've got this url-pattern: ["*://mail.google.com/*"]. The script successfully gets injected when loading gmail, but after that it doesn't get re-injected when clicking links like inbox or compose. I was hoping ["*://mail.google.com/*compose"] would do it easily, but no.
Is this pattern perhaps as far as I can get, and I'll then have to create a listener that checks when that part of the page is reloaded?
What is the most straightforward way to determine when the compose-page is loaded?
Content script only run when a page is truly loaded.
If you want to run code for a specific hash, inject the script at the URL without the hash, and use the hashchange to detect changes.
function checkHash() {
if (/^#(compose|drafts)\b/.test(location.hash)) {
// Do whatever you want
}
}
window.addEventListener('hashchange', checkHash);
checkHash();
Instead of monitoring the location hash, it might be more effective to use setInterval to continuously check whether the desired element exists in the DOM. This is particularly useful when you want to read or write the value of a specific DOM node.
I have an url like this :
www.domain.com/catalog/category_name/category_id/product_name/product_id
example :
www.domain.com/catalog/notebook/93/4_cpu_quad_core/56
and want it to turn into :
www.domain.com/catalog/category_name/product_name/
example :
www.domain.com/catalog/notebook/4_cpu_quad_core
The two ID parameters have to be passed to the application and parsed with PHP as I need it to get the correct category and product.
I have tried several ways using .htaccess and route.php config but no success !!
Can someone explain in simple manner how to pass these parameters to the web server while making these hidden in the url ?
I was just wondering if it is possible to pass hidden parameters in the url and make them available in the backend application (i.e. java or php).
Well! i wrote a function in the file system/core/uri.php
function assing_segment($num,$value)
{
$this->segments[$num] = $value;
return $this->segments[$n];
}
And call to this function either in the view or controller
$this->uri->assing_segment(5,$myvalue);
This will reassign segment 5 with my value
Can someone explain in simple manner how to pass these parameters to the web server while making these hidden in the url ?
There is no way to "hide" parts of the request. You can remove them, but then your application won't see them at all. For example, you can make all your URLs appear to be like www.domain.com/catalog/category_name/product_name/, but your php script isn't going to see anything about any IDs, since they're gone.
I've got some source code that has some cross site scripting vulnerabilities in it. There is no input validation that happens when the browser sends data over to the server which is executing server-side Javascript and classic ASP (IIS 7.0).
My question is, is there a way to override the Request.Form("foo") object/method so that I can call a sanitization function too and get rid of prohibited JS/HTML? I don't want to do a find and replace on every single file everywhere Request.Form is called. I was hoping for something more elegant.
Any suggestions are appreciated.
I don't think you can change Request.Form members.
What you can do, as a partial solution, is to create a code that will run first on every page (for example, using an include directive) which loops over Request.Form, Request.QueryString etc., and if it finds suspected code, it terminates the code execution (Response.End). This solution is partial because it doesn't really sanitize input, it just drops execution when it finds suspected text.
Another option: Create an array, parallel to Request.Form. Populate this array with the same members as in Request.Form, but this time sanitized. Then, quickly do a Find-and-Replace over your whole code base, and change Request.Form to your custom array variable.
There is a way to replace the whole Request object with another COM object but its an insane solution and it would still require that all ASP files that use Form contain a common top include file. Its not possible to replace the Request object or one of its members globally at the application level.
The correct solution to the problem, your statement "don't want to do a find and replace on every single file everywhere" notwithstanding, is to perform such global replace.
Despite the number of .asp files that exist the cost is no more than knocking up a simple program to open each ASP file in a folder tree, adding an include line and replacing Request.Form.