Post by Joe1234 » Sat Sep 28, 2024 9:53 am

I have my site set to seo url. I have the following code set to pick up and redirect to the same page if there is an error:
$this->response->redirect('http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]');
but in the resulting url it comes out as
https://website.com/index.php?route=api ... dule_id=20
which produces an "invalid response page isn't working" error page. How do I pick up exactly what is in the url to put in a variable and redirect using php?

I also tried $_SERVER["QUERY_STRING"]

v3.0.4.0 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.



Post by JNeuhoff » Sat Sep 28, 2024 6:04 pm

First of all, this is an OpenCart forum, but you are using the Journal3 framework, in which case the Journal support would be more appropriate.

In general, something like this should work for OpenCart:

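Code:

$host = $_SERVER['HTTP_HOST'];
// Use https when the HTTPS server variable is set and non-empty
$protocol = $_SERVER['PROTOCOL'] = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ? 'https' : 'http';
// REQUEST_URI already begins with "/", so no extra slash is inserted
$url = "$protocol://$host" . $_SERVER['REQUEST_URI'];
$this->response->redirect($url);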

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig




Post by nonnedelectari » Sat Sep 28, 2024 8:52 pm

JNeuhoff wrote:
Sat Sep 28, 2024 6:04 pm
First of all, this is an OpenCart forum, but you are using the Journal3 framework, in which case the Journal support would be more appropriate.

In general, something like this should work for OpenCart:

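Code:

$host = $_SERVER['HTTP_HOST'];
// Use https when the HTTPS server variable is set and non-empty
$protocol = $_SERVER['PROTOCOL'] = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ? 'https' : 'http';
// REQUEST_URI already begins with "/", so no extra slash is inserted
$url = "$protocol://$host" . $_SERVER['REQUEST_URI'];
$this->response->redirect($url);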
Never use an unchecked $_SERVER['HTTP_HOST'] for a redirect; that is a user-settable variable, and you could be redirecting to somewhere outside your domain and become part of a botnet.


Post by Joe1234 » Sat Sep 28, 2024 11:25 pm

@JNeuhoff, ok, it looks like you were right about it being journal THIS TIME. I turned off the SEO and the problem is still there. I guess I have to figure out a different way to go about this. Thanks anyway.

@nonnedelectari, what do you mean? I need to check if something is set, or I need to check the value against HTTP_SERVER?

v3.0.4.0 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.



Post by nonnedelectari » Sun Sep 29, 2024 12:19 am

Joe1234 wrote:
Sat Sep 28, 2024 11:25 pm
@JNeuhoff, ok, it looks like you were right about it being journal THIS TIME. I turned off the SEO and the problem is still there. I guess I have to figure out a different way to go about this. Thanks anyway.

@nonnedelectari, what do you mean? I need to check if something is set, or I need to check the value against HTTP_SERVER?
HTTP_HOST is set by the Host header, which is issued by the client; that could be any domain they see fit.
Never use it for redirects unless you verify it contains a domain under your control.


Post by nonnedelectari » Sun Sep 29, 2024 12:33 am

nonnedelectari wrote:
Sun Sep 29, 2024 12:19 am
Joe1234 wrote:
Sat Sep 28, 2024 11:25 pm
@JNeuhoff, ok, it looks like you were right about it being journal THIS TIME. I turned off the SEO and the problem is still there. I guess I have to figure out a different way to go about this. Thanks anyway.

@nonnedelectari, what do you mean? I need to check if something is set, or I need to check the value against HTTP_SERVER?
HTTP_HOST is set by the Host header, which is issued by the client; that could be any domain they see fit.
Never use it for redirects unless you verify it contains a domain under your control.
Some examples:

Code:

[27/Sep/2024:00:48:08 +0800] [421] [-] - [speed.cloudflare.com][80] - [off] - [139.59.101.104]-[GET /cdn-cgi/trace HTTP/1.1] - [-] - [-] - [Mozilla/5.0][150-190]
[27/Sep/2024:02:50:11 +0800] [421] [-] - [localhost][80] - [off] - [185.224.128.47]-[GET / HTTP/1.1] - [-] - [-] - [Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36][203-171]
[27/Sep/2024:21:32:14 +0800] [421] [-] - [zijin10000.us.kg][443] - [on] - [113.83.12.107]-[GET / HTTP/1.1] - [-] - [-] - [Go-http-client/1.1][771-4620]
[16/Sep/2024:23:20:46 +0800] [421] [-] - [baike.baidu.com][443] - [on] - [117.69.190.172]-[GET / HTTP/1.1] - [-] - [-] - [Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15][1117-4754]
[18/Sep/2024:17:28:19 +0800] [421] [-] - [azenv.net][80] - [off] - [192.210.187.78]-[GET http://azenv.net/ HTTP/1.1] - [-] - [-] - [Go-http-client/1.1][130-171]
[13/Sep/2024:14:00:55 +0800] [421] [-] - [www.visa.com][443] - [on] - [91.185.190.159]-[GET /cdn-cgi/trace HTTP/1.1] - [-] - [-] - [Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36][633-4624]
[13/Sep/2024:14:15:00 +0800] [421] [-] - [s3.dbwap.com][80] - [off] - [121.204.100.173]-[GET http://s3.dbwap.com/mlogin/mark?name=qq2023&hash=11ab3300e810f6bff02122f7715e8316&t=1694529852810 HTTP/1.1] - [-] - [-] - [Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)][250-171]
You see that the client can set any host they see fit.
Many times it will be your server's IP address or "localhost" (bots do that).
Many times it will be an outside domain.
So check the value before redirecting; make sure it contains a domain you control, or you will be directing traffic to an unknown server (botnet/ddos agent).

Whenever a request does not contain one of our domains or contains our IP address, we issue a 421 Misdirected Request response and ignore that request.
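
One way to implement the check described in the posts above, as an added example that is not code from any poster or from OpenCart: the Host header is compared against an allowlist before a same-page redirect URL is built, and anything else is marked for a 421. `ALLOWED_HOSTS`, `trustedHost()`, `safePath()` and `selfRedirectUrl()` are hypothetical names, and the `website.com` entries stand in for the domains you control.

```php
<?php
// Added example. ALLOWED_HOSTS and the helper names are hypothetical.
const ALLOWED_HOSTS = ['website.com', 'www.website.com']; // domains you control

/** Return the normalized host if it is on the allowlist, otherwise null. */
function trustedHost(string $hostHeader): ?string
{
    $host = strtolower(trim($hostHeader));
    $host = preg_replace('/:\d{1,5}$/', '', $host); // drop an optional :port
    $host = rtrim($host, '.');                       // "website.com." is the same name
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

/** Accept only a same-site path: one leading "/", no "//", "\" or control bytes. */
function safePath(string $requestUri): string
{
    if (preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f\\\\]*\z#', $requestUri) !== 1) {
        return '/';
    }
    return $requestUri;
}

/** Build the redirect target, or null when the request should get a 421. */
function selfRedirectUrl(array $server): ?string
{
    $host = trustedHost($server['HTTP_HOST'] ?? '');
    if ($host === null) {
        return null;
    }
    $https  = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    $scheme = $https ? 'https' : 'http';
    return $scheme . '://' . $host . safePath($server['REQUEST_URI'] ?? '/');
}

// Host values taken from the log lines above, plus constructed ones for website.com.
$samples = ['speed.cloudflare.com', 'localhost', 'azenv.net', 'website.com', 'WWW.Website.com:443'];
foreach ($samples as $h) {
    // REQUEST_URI here is a constructed sample value.
    $url = selfRedirectUrl(['HTTP_HOST' => $h, 'HTTPS' => 'on', 'REQUEST_URI' => '/index.php?route=common/home']);
    echo str_pad($h, 22), ' => ', $url ?? '421 Misdirected Request', PHP_EOL;
}
```

In a controller, call `selfRedirectUrl($_SERVER)` and pass a non-null result to `$this->response->redirect()`; on null, answer with 421 and do not redirect.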
