0

This question is directly related to this other question found on StackOverflow.

I have the same problem - but I'm not sure I can separate the protocol prefix as another variable, as suggested in the above question. I'm using the GET action, sent to another page where the data is used (e.g. form on index.php submits GET to search.php).

On the index page, a user can type data, including a URL, to be submitted (e.g. text field and submit button). Due to the nature of URLs, I expect to have some people who copy and paste - and thus people are likely going to include the http:// sometimes, whether I want them to or not.

If http: is included in the GET request (e.g. search.php?q=http://google.com), then I receive a 403 Forbidden error on search.php - which is where I'm running into issues.

Outside of JS, is there a way to either remove or separate the protocol prefix from a user input, if it exists, before the request is sent to search.php? E.G. After user clicks submit but before data is sent to another page?

Thanks in advance for any answers or advice you can give!

EDIT: I know I can use urlencode to encode URLs - but can that be done before the data/GET request is actually sent?

Improve this question
3
  • can't see the link to the previous question Commented Mar 20, 2013 at 18:23
  • What do you mean "outside of JS"? just add onsubmit="somefunction()" and do whatever you want to do by document.forms["form"]["url_input"].value Commented Mar 20, 2013 at 18:33
  • kuncajs: I was hoping there was a way to get around the problem without requiring the user to have JS enabled. Commented Mar 20, 2013 at 18:37

1 Answer 1

Reset to default
0

Outside of javascript? No.
However, when the data is sent to search.php, you can test for the http:// and remove it you don't want it included.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I know I can check for it if search.php loads - but I receive a 403 Forbidden error if the GET request contains "http:"
What server? Are you using apache with mod_security?
Captain: Yes. I read on the question I linked to that it could be some settings on Apache interfering with it - but I'm not sure what to change in order to fix the problem.
To clarify, Captain - my host does have mod_security enabled for all accounts, but I don't know what rule to modify to address the issue.
You get the host to check the log and it will tell them what rule is firing, then they can override it.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.