开发者

php escaping when I don't need it to

I've got an issue whereby PHP is escaping where I really don't want it to in this code:

        $url_ = stripslashes(((substr(strtolower($url),0,7)!="http://")? "http://".$url:$url));
        $host = $this->googleDomains[mt_rand(0,count($this->googleDomains)-1)];
        $target = "/search?";
        $querystring = sprintf("client=navclient-auto&ch=%s&features=Rank&q=%s",
            $this->CheckHash($this->HashURL($url_)),urlencode("info:".$url_));
        $contents="";

        $this->debugRes("host", $host);
        $this->debugRes("query_string", $querystring);
        $this->debugRes("user_agent", $this->userAgent);

thus producing a URL like this which causes the script to fail:

{"urls":[{"url":"hostcule.com","converted_url":"http:\/\/toolbarqueries.google.com\/search??client=navclient-auto&ch=74451333464&features=Rank&q=info%3Ahttp%3A%2F%2Fhostcule.com"}]}

How do I stop it?

Magic Quotes are Off.

Here's the $url comes from:

foreach (preg_split('#[\r\n]+#', $_POST['urls']) as $url) {
        $url = trim($url);
        if ($url)
            $_SESSION['converted_urls'][] = array('url' => $url, 'converted_url' => $pr->GetPR($url, true, true));
    }

At this stage, $_POST['urls'] looks like:

{"urls":[{"url":"hostcule.com","converted_url":"http:\/\/www.google.com\/search??client=navclient-auto&ch=74451333464&features=Rank&q=info%3Ahttp%3A%2F%2Fhostcule.com"}]}

whilst $url lo开发者_C百科oks like

 {"urls":[{"url":"hostcule.com","converted_url":"http:\/\/www.google.com\/search??client=navclient-auto&ch=74451333464&features=Rank&q=info%3Ahttp%3A%2F%2Fhostcule.com"}]}


There is nothing in that code that would produce the code you quote.

My suspicion is that $url already contains the garbled http\/\/, and therefore your http:// recognizing mechanism never triggers.

You need to step back and look where $url comes from. There is where your problem will be.


The code you have there doesn't do any escaping at all. You'll need to post what you do to that $url_ after this line.


use ' instead of "

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜