I'm fairly new on CakePHP and because of so, there are some basic things that I used to do with Zend Framework that I'm beaten up with Cake.
I'm working on a project where I have to pass a named parameter to a controller / action. Setting up the route and passing the parameter is fairly simple, my problem is when the parameter is a urlencoded url.
For example: http://www.cakephp.com/controller/action/http%3A%2F%2Fwww.google.com regardless of the controller and action setup, will throw a 404, but passing /controller/action/http://www.google.com work in some way, the only problem is that it identifies the http as a named parameter. In another way, if I do /controller/action?url=http://www.google.com it will work.
The work around that I had used for this is to pass the value as a base64 encoded string, but it brings some limitations. For instance, if it is an API, there is no way that you can guarantee that the system using the API can encode base64 a string.
Anyway the best solution would be still passing a url encoded string to a named parameter. Question is, why CakePHP does not accept a urlencoded string as a parameter and why does it throws a 404?
Thanks all in advance.
I have added a work around this issue. The previous answer that pointed to a post actually answered why it was happening and one of the solutions. What happens is that the workaround for .htaccess on Apache is a bit dangerous because it will disable a security criteria.
There are 2 ways to work this out via code (and I'm using both):
Send all urls as base64 encoded strings
Accept the urls as named params, but, as you will notice, it converts any http:// to http:/, so is necessary to correctly identify when this happens and only then correct the string.
It is far from being a beautiful solution, but it is definitely a practical one.
I stumbled upon this same problem in Cakephp 4.x
Apparantly you can create a custom route with ** that will disable the default urldecoding. Fixing the problem.
So right now I throw a base64_encode(Security::encrypt($val)) value into the Router::url() function. This will url_encode the params by default so it becomes a valid/working url.
Cakephp then urldecodes by default, which is good. But it does it twice? Causing it to split up the params if there is a / present. Which isn't good.
So in my routes.php I added:
$builder->connect('/orders/callback/**', ['controller' => 'orders', 'action' => 'callback']);
Kinda annoying how this works, but it works now. Works like a charm in 4.x and cost me the entire afternoon. Just leaving this here in case anyone else has this problem. (and for future me).
Source: https://github.com/cakephp/cakephp/issues/4723#issuecomment-56912905
Related
Most times I've seen urls written to open an XPage in read-mode using action=openDocument, but occasionally, I've see action=readDocument used. Just curious if there are pros/cons in using one vs. the other.
I don't know of a difference. Honestly I never use these URL's anymore myself. So it's really not a big deal very likely.
Keep in mind, you don't need to use these at all of you don't want. You can pass your own parameter in the URL and then via SSJS access any parameters with the param object. You can also get the parameters in Java easily enough.
Just a thought.
I have created/recorded a script in Vugen, however the the URL of the site has been changed recently. Is there any way just by replacing the url with a parameter works?
I have tried by replacing url with parameters, the new URL is
http://xsx.xxx.xsx.xxx/test99
Yhe parameters I have tried are below:
NewUrl: http://xsx.xxx.xsx.xxx/
Newhos: test99
I have replaced all in the script and when I run it I get the following error:
Error -27651: Attempted read from an unconnected socket (empty response, no HTTP headers received). URL="http://xsx.xxx.xsx.xxx/scripts/uiServer.dll"
What is the solution for this? Should i record again with the new URL ?
Thanks.
Hope I've understood what you're asking for, so here goes. If it's only the URL that has changed and not the content of the site which you might require later on in your script that this is fairly simple to do.
As you have created the new parameters ensure that they are getting the data from the same DAT file. I.e. newurl.dat which contains the following:
newurl,newhost
http://xsx.xxx.xsx.xxx/,test99
and assign the parameters to the correct column and have the newhost set to sameline as newurl. This way it’s easier to maintain I believe.
Now that the parameters have been created and properly assigned in your script you’ll need to change the url your trying to change from:
http://xsx.xxx.xsx.xxx/oldtest to {newurl}{newhost}
this needs to be done for all instances where the change has occurred.
Hope this helps with your problem you’re having.
Are you certain that the build level has not also changed at the same time as the host? If so then your new instance may be out of synch with the request model of the scripts built using an earlier build. Developers have a habit of including items below the scenes that do affect the site visually but change the structure of the requests. The error you are receiving is common when you attempt to continue a conversation on a dead connection resulting from a missed dynamic session component which may have been added in the last build.
When in doubt quickly record the second site and take a look at the differences in the requests, even to the point of using WinDiff (included in LoadRunner) for this purpose.
Hey guys! Working on a new Cake app and wondering if there is anyway for me to remove the ID-in-URL routing from Cake. Perhaps by passing the ID in POST somehow? Having the ID passed in as a URL param just seems really shoddy and unsafe. Thanks!
"Shoddy"? It's standard practice and a perfectly fine solution to have ids in the URL. Look at the URL of your question:
http://stackoverflow.com/questions/4638262/removing-id-from-cakephp-url
^^^^^^^
id
Also, there's absolutely nothing unsafe about showing an id in a URL. It's just a number that doesn't mean anything. If a user can do something "bad" only by knowing this id, your app is broken and insecure, not the id-passing mechanism.
Trying to work around this scheme means working around the fundamental principle of the HTML protocol and opens up a whole new can of worms.
Some people prefer using slugs instead of primary key ids. This is the removing-id-from-cakephp-url part of the URL from this page. Take a look at the SluggableBehavior.
However, slugs can change. Hence, having the primary key in your URL is useful if you want to have a permalink. StackOverflow does both so that it can support both permalinking from other sites, as well as for SEO reasons. :)
Regarding security issues, I guess the other answers have already pointed out that there are other ways to make your application secure.
Why do you care? URL-s are optimized for SEO reasons, an ID won't matter if it's ain't too long. If the latter, consider using a shorter one with numbers and letters in them instead, it will be as difficult to guess as a long one with just numbers.
If you are not using GET and you do not supply the params in the URL, your users won't be able to copy-paste the location.
I'm trying to retrieve some stuff from a server (can't really go into much detail), but I've run into an issue which is solved by commenting out some stuff in a string being used as the place to hit.
The situation is as follows:
The URL I want to hit is
http://example.com/api/statistics/installations?version=1.0&type=prod
I get errors with this (based on the stuff being returned not being as expected), however using this works:
http://example.com/api/statistics/installations
Just without the refining flags of version and type.
Now, I'm new to working alongside servers, so I was wondering if perhaps the first URL is malformed towards the end or something?
Thanks to anyone who answers, even if it's just clarification the URL is correct at least I know where the problem lies afterward.
The URL is fine in that format, the issue was on the other end.
I have an url like this :
www.domain.com/catalog/category_name/category_id/product_name/product_id
example :
www.domain.com/catalog/notebook/93/4_cpu_quad_core/56
and want it to turn into :
www.domain.com/catalog/category_name/product_name/
example :
www.domain.com/catalog/notebook/4_cpu_quad_core
The two ID parameters have to be passed to the application and parsed with PHP as I need it to get the correct category and product.
I have tried several ways using .htaccess and route.php config but no success !!
Can someone explain in simple manner how to pass these parameters to the web server while making these hidden in the url ?
I was just wondering if it is possible to pass hidden parameters in the url and make them available in the backend application (i.e. java or php).
Well! i wrote a function in the file system/core/uri.php
function assing_segment($num,$value)
{
$this->segments[$num] = $value;
return $this->segments[$n];
}
And call to this function either in the view or controller
$this->uri->assing_segment(5,$myvalue);
This will reassign segment 5 with my value
Can someone explain in simple manner how to pass these parameters to the web server while making these hidden in the url ?
There is no way to "hide" parts of the request. You can remove them, but then your application won't see them at all. For example, you can make all your URLs appear to be like www.domain.com/catalog/category_name/product_name/, but your php script isn't going to see anything about any IDs, since they're gone.