Apache Misconfiguration or Codeigniter? Decoded Query String

  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Hey all,

I'm working for a site and they have a tracking URI feature where it passes ID's and it alternatively needs to take in encoded URIs, like this...

Code: [ Select ]
http://tracking.foobar1.com/9/1091/2115/u/http%3A%2F%2Fwww.foobar2.com%2Ftest-dir%2F


There is an .htaccess file in the main directory that looks like this (It's actually much bigger, but I removed all other lines except 3, the problem still exists with the htaccess working just like this)...

Code: [ Select ]
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt|css|js)
RewriteRule ^(.*)$ /index.php?click/index/$1 [L]
  1. RewriteEngine on
  2. RewriteCond $1 !^(index\.php|images|robots\.txt|css|js)
  3. RewriteRule ^(.*)$ /index.php?click/index/$1 [L]


I think the .htaccess is working though, because if I remove it, it seems fine. It sends the request to the correct PHP file (/index.php?click/index/...), and that PHP file needs to use the $_SERVER['QUERY_STRING'].

The problem is, calling...
Code: [ Select ]
http://tracking.foobar1.com/9/1091/2115/u/http%3A%2F%2Fwww.foobar2.com%2Ftest-dir%2F


Causes $_SERVER['QUERY_STRING']in the PHP Script to be...
Code: [ Select ]
$_SERVER['QUERY_STRING'] = /9/1091/2115/u/http:/www.foobar2.com/test-dir/

Instead of...
Code: [ Select ]
$_SERVER['QUERY_STRING'] = /9/1091/2115/u/http%3A%2F%2Fwww.foobar2.com%2Ftest-dir%2F


It doesn't work even if I use a direct path like this...
Code: [ Select ]
http://tracking.foobar1.com/index.php?/9/1091/2115/u/http%3A%2F%2Fwww.foobar2.com%2Ftest-dir%2F


It's a CodeSnuffer (CodeIgniter) installation. They just recently migrated to a new server and upgraded their PHP from PHP4 to 5.2.X, not sure if that matters, but... The scripts needs to look at $_SERVER['QUERY_STRING'] though for another reason. I do not know if the .htaccess file was modified after the migration, but there is a reasonable chance it wasn't and if that's the case, this whole setup was working correctly prior.

Anyway, pertaining to CodeIgniter; I have a script that takes input that looks like this...

Code: [ Select ]
http://tracking.foobar1.com/9/1091/2115/u/http%3A%2F%2Fwww.foobar2.com%2Ftestdir%2F


But when I do this in CI...

PHP Code: [ Select ]
<?php
die(print_r($this->uri->uri_to_assoc(4),TRUE));
?>
  1. <?php
  2. die(print_r($this->uri->uri_to_assoc(4),TRUE));
  3. ?>


I get this... (probably because CodeIgniter or Apache is decoding the URI embedded within the URI)

Array ( [1091] => 2115 [u] => http: [www.foobar.com] => testdir )

Instead of...

Array ( [1091] => 2115 [u] => http%3A%2F%2Fwww.foobar.com%2Ftestdir%2F )

And I have the CI config.php setup with...

$config['uri_protocol'] = "QUERY_STRING"; //in the config.php file (due to it replacing '.' with '_')

It was working fine, but we recently did a migration and it's gone to sh*t (not positive it was the migration though), I thought it was Apache, but now I'm wondering if it's CodeIgniter or Apache, or if anybody has any ideas why the heck it would do this?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

CodeIgniter doesnt alter the $_SERVER variable. My guess is its something to do with the htaccess. Can you post the rest of it?

The /system/libraries/URI.php file contains the code that is used to manipulate the URI in CodeIgniter. You can look through it to see exactly what CodeIgniter does.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Even when I run the .htaccess file with just those 3 lines, I still get the same issue. I thought it was .htaccess aswell, I'm stumped. Yeah, I checked that whole file out, I had to backtrace through it.
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

Try creating a simple test file with the below code and see what happens when you do the request.

Code: [ Select ]
<? print_r($_SERVER; ?>


Since it wont be running through CodeIgniter you will be able to see if its something related to apache/php/htaccess. I did this on my server and everything seemed to work out just fine.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Yeah I did that already aswell. It works fine that way. I still think it's CodeIgniter. I'm also running this on 2 machines, doesn't work on either, so I'm less-so thinking it's Apache and more-so thinking it's CodeSnuffer *cough* I mean CodeIgniter.
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

Hmmm, I'll have to play around with this.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Okay, it's definitely CodeIgniter, damn... I HATE THIS POS FRAMEWORK.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Okay I just verified, the script works perfect without .htaccess if I access the PHP file directly, but with .htaccess it is escaping the URI. So it is. I apologize, the PHP script is quite complicated and does a series of JavaScript redirects after load, but I finally bypassed them.

So this exact .htaccess file or my Apache configuration that runs htaccess files, or however it works causes my URI to be decoded.

Code: [ Select ]
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt|css|js)
RewriteCond $1 !^(legacy|sale|ajax|cookie_test|curl_test|lead)
RewriteRule ^(.*)$ /index.php?click/index/$1 [L]
  1. RewriteEngine on
  2. RewriteCond $1 !^(index\.php|images|robots\.txt|css|js)
  3. RewriteCond $1 !^(legacy|sale|ajax|cookie_test|curl_test|lead)
  4. RewriteRule ^(.*)$ /index.php?click/index/$1 [L]
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

There's AllowEncodedSlashes, but it seems as if you'd be getting 404 errors if that had anything to do with it.

Since all of the directives in that last piece of code you posted are provided by mod_rewrite, I'm guessing this is a good place to begin looking for encoding related directives.

There's the "noescape" flag for RewriteRule. I'm not sure whether this is going to apply to you though. Unless there was an Apache version change with the migration, and there was a behavior change with that version change, it doesn't make sense that this would suddenly apply.

Quote:
'noescape|NE' (no URI escaping of output)
This flag prevents mod_rewrite from applying the usual URI escaping rules to the result of a rewrite. Ordinarily, special characters (such as '%', '$', ';', and so on) will be escaped into their hexcode equivalents ('%25', '%24', and '%3B', respectively); this flag prevents this from happening. This allows percent symbols to appear in the output, as in

RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]
which would turn '/foo/zed' into a safe request for '/bar?arg=P1=zed'.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Okay forget anything I've said in any of my previous posts. This issue is driving me nuts. Note: there is no issue without the .htaccess file, but I cannot test the same pathing with a stand alone script and no .htaccess, so I don't know if it's anything in the httpd.conf or .htaccess still.

This is the .htaccess file...
Code: [ Select ]
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt|css|js)
RewriteCond $1 !^(legacy|sale|ajax|cookie_test|curl_test|lead)
RewriteRule ^(.*)$ /index.php?click/index/$1 [L]
RewriteCond %{query_string} ^blx_merchant=(.*)(&.*)blx_reference=(.*)(&.*)blx_amount=(.*)$
RewriteRule ^sale/(.*)$ /index.php?sale/index/%1/%3/%5 [L]
RewriteCond %{query_string} ^blx_merchant\\x3d(.*)(\\x26.*)blx_reference\\x3d(.*)(\\x26.*)blx_amount\\x3d(.*)$
RewriteRule ^sale/(.*)$ /index.php?sale/index/%1/%3/%5 [L]
RewriteRule ^sale/(.*)$ /index.php?sale/index/$1 [L]
RewriteCond %{query_string} ^blx_merchant=(.*)(&.*)blx_reference=(.*)(&.*)blx_offer=(.*)$
RewriteRule ^lead/(.*)$ /index.php?lead/index/%1/%3/%5 [L]
RewriteCond %{query_string} ^blx_merchant\\x3d(.*)(\\x26.*)blx_reference\\x3d(.*)(\\x26.*)blx_offer\\x3d(.*)$
RewriteRule ^lead/(.*)$ /index.php?lead/index/%1/%3/%5 [L]
RewriteRule ^lead/(.*)$ /index.php?lead/index/$1 [L]
RewriteRule ^legacy/(.*)$ /index.php?legacy/index/$1 [L]
RewriteRule ^ajax/(.*)$ /index.php?ajax/index/$1 [L]
RewriteRule ^cookie_test/(.*)$ /index.php?cookie_test/index/$1 [L]
RewriteRule ^curl_test/(.*)$ /index.php?curl_test/index/$1 [L]
  1. RewriteEngine on
  2. RewriteCond $1 !^(index\.php|images|robots\.txt|css|js)
  3. RewriteCond $1 !^(legacy|sale|ajax|cookie_test|curl_test|lead)
  4. RewriteRule ^(.*)$ /index.php?click/index/$1 [L]
  5. RewriteCond %{query_string} ^blx_merchant=(.*)(&.*)blx_reference=(.*)(&.*)blx_amount=(.*)$
  6. RewriteRule ^sale/(.*)$ /index.php?sale/index/%1/%3/%5 [L]
  7. RewriteCond %{query_string} ^blx_merchant\\x3d(.*)(\\x26.*)blx_reference\\x3d(.*)(\\x26.*)blx_amount\\x3d(.*)$
  8. RewriteRule ^sale/(.*)$ /index.php?sale/index/%1/%3/%5 [L]
  9. RewriteRule ^sale/(.*)$ /index.php?sale/index/$1 [L]
  10. RewriteCond %{query_string} ^blx_merchant=(.*)(&.*)blx_reference=(.*)(&.*)blx_offer=(.*)$
  11. RewriteRule ^lead/(.*)$ /index.php?lead/index/%1/%3/%5 [L]
  12. RewriteCond %{query_string} ^blx_merchant\\x3d(.*)(\\x26.*)blx_reference\\x3d(.*)(\\x26.*)blx_offer\\x3d(.*)$
  13. RewriteRule ^lead/(.*)$ /index.php?lead/index/%1/%3/%5 [L]
  14. RewriteRule ^lead/(.*)$ /index.php?lead/index/$1 [L]
  15. RewriteRule ^legacy/(.*)$ /index.php?legacy/index/$1 [L]
  16. RewriteRule ^ajax/(.*)$ /index.php?ajax/index/$1 [L]
  17. RewriteRule ^cookie_test/(.*)$ /index.php?cookie_test/index/$1 [L]
  18. RewriteRule ^curl_test/(.*)$ /index.php?curl_test/index/$1 [L]


And this is my index.php...
PHP Code: [ Select ]
<?php
die($_SERVER['QUERY_STRING]);
?>
  1. <?php
  2. die($_SERVER['QUERY_STRING]);
  3. ?>


When I request this (decoded)...
Quote:
http://localhost/9/1091/2115/u/http%3A% ... est-dir%2F


It outputs (undecoded)... [Coverts %2F into /, etc...]
PHP Output wrote:
click/index/9/1091/2115/u/http:/www.foobar.com/test-dir/


Please Note: I did have to add this to my virtual host...
Code: [ Select ]
AllowEncodedSlashes On


That is how it is also configured on the server. Otherwise it returns a 404.

Does it even need that directive enabled? I'm not too good with .htaccess, I also didn't write this.

I'm going to be looking into this stuff for the next few hours. You have no idea how much I appreciate any responses to this thread.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Okay, so the actual %{REQUEST_URI} or %{QUERY_STRING} at server level in .htaccess is decoded, which is wrong I believe. My PHP file has the proper REQUEST_URI only when .htaccess is not used.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

I still think it's mod_rewrite decoding here after looking up mod_rewrite decodes.

My current train of thought is to use RewriteMap to reencode the querystring, but I just had a knock at my door and that's a half-assed idea. :)

Post Information

  • Total Posts in this topic: 12 posts
  • Users browsing this forum: No registered users and 89 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.