Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34
  1. #1
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default GET query string being stripped from url

    I'm drawing a blank trying to figure this one out. Upgrading a site from 1.5.4 to 1.5.6c php 7.3. There is a customer form which was cloned from the contact page. This form is called from the product page and the current product and an item number are passed in a GET query string
    Code:
    http://domain.com/test/index.php?main_page=request_a_quote&prod=363&itemnumb=9-250-UV-50
    This works fine on the 1.5.4 site but in 1.5.6c the query string gets stripped off when the page loads and the GET variables are not available.
    Code:
    http://domain.com/test/index.php?main_page=request_a_quote
    The page call is hardcoded in the product description as an <a href> tag
    HTML Code:
    <a href="index.php?main_page=request_a_quote&prod=363&itemnumb=9-250-UV-50" title="Quote on Ultra Heavy Duty Ties"><img width="100" height="26" alt="Request Quote" src="/call_for_prices.jpg" /></a>
    Can somebody point me to where the query string is being stripped off?

  2. #2
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,403
    Plugin Contributions
    87

    Default Re: GET query string being stripped from url

    Hmm, I would have bet a nickel that it was /includes/init_sanitize.php, but upon review I don't think that that's it.

    What plugins are installed?

  3. #3
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: GET query string being stripped from url

    It's an almost clean install with only the bootstrap template, and superglobals plugin installed. The ultimate url mod was installed but I've uninstalled that since it was an obvious candidate. I also switched to the classic template and have the same results. The ultimate url mod is installed on the live site which is in the root. The upgrade site is in a subdirectory for now. The query string works fine on the live site and I don't see anything in the .htaccess file in the root that mightstrip the query string off in the subdirectory.

  4. #4
    Join Date
    Jul 2012
    Posts
    16,719
    Plugin Contributions
    17

    Default Re: GET query string being stripped from url

    Almost seems as there might be an early redirect to just the page without collecting the parameters associated with the current arrival. Is there perhaps an SSL check performed that is attempting to cycle back around or something in the files of: includes/modules/pages/request_a_quote that is doing the stripping?

    At what point is the test for the $_GET parameters performed? Ie. Have you tried at the top of the header_php.php file in the folder above? And if successful, at what point in processing does it go away?

    For other pages there have been some additional "product" checks that could potentially remove the other parameters, but off the top of my head, I don't see how that would be a factor here based on the intent of this additional page.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  5. #5
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: GET query string being stripped from url

    The page is called from a link in product_info that contains the query string. The url is stripped off as the page is loaded (url in the browser window does not contain the query string and GET variables are not set). The first three lines of the header_php.php file are:
    PHP Code:
    $zco_notifier->notify('NOTIFY_HEADER_START_CONTACT_US');
      
    $valid_product false;
      if (isset(
    $_GET['prod'])) { 
    I've double checked and the variable is empty and that's confirmed by the superglobals mod.

    There script for request_a_ quote does not remove the query string it only reads it.

    I'm including the htaccess file from the root on the off chance that I'm not seeing an early redirect that is stripping the query string in the subdirectory. The subdirectory does not contain an htaccess file.
    Code:
    text/x-generic .htaccess ( UTF-8 Unicode C++ program text, with CRLF, LF line terminators )
    ###############################################################################
    # Add custom headers and options
    ###############################################################################
    # Notes:
    #
    # Examples: Adding IE compatibility / edge flags, language and encoding flags,
    # php or suphp directives, configure other Apache modules such as page_speed,
    # and enable or disable Apache httpd options.
    #
    # Do NOT configure anything directly relating to physical or virtual resources
    # in this section. These should be addressed later on in this file.
    ###############################################################################
    #Options -Indexes
    
    ###############################################################################
    # Enable mod_rewrite processing using the rules in this .htaccess file
    ###############################################################################
    # Notes:
    #
    # <IfModule> should be avoided at all costs. If mod_rewrite is not available
    # it is almost always better to return HTTP 500 status. This way we see there
    # is an issue as soon as the .htaccess file is uploaded.
    #
    # For mod_rewrite to work, the Apache server option to allow symbolic links to
    # be followed must be enabled. Most providers supporting mod_rewrite will
    # already have it enabled for you, but if your rewrite rules are not working
    # you can un-comment the first directive below to manually enable the option.
    #
    # Don't forget, mod_rewrite directives are processed in order until a matching
    # RewriteRule with the [L] flag is encountered. So the more specific a rule is
    # the closer it should appear to the top of this file.
    ###############################################################################
    #Options +FollowSymLinks
    RewriteEngine on
    
    ###############################################################################
    # Tell mod_rewrite where this file is relative to the server document_root
    ###############################################################################
    # Notes:
    #
    # This directive should only be enabled if this .htaccess file is not placed
    # in the document_root (usually public_html, www, or web) of the (sub)domain.
    #
    # An easy way to determine the location relative to the server document_root is
    # to look at the URL used to access a file in this folder. For example if you
    # access a "page" in the same folder as this file by typing in the URL
    # "www.mydomain.com/myfolder/index.html" then "myfolder" will be the location
    # of this file relative to the server document_root.
    #
    # Another quick and easy way to determine the correct setting for this is to
    # look at the defined value for DIR_WS_CATALOG and DIR_WS_HTTPS_CATALOG in
    # Zen Cart's configure.php files. All three values should match.
    #
    # Don't forget the leading and trailing /. This directive requires both!
    ###############################################################################
    #RewriteBase /shop/
    
    
    ###############################################################################
    # Redirect if request was for index.php (no query)
    ###############################################################################
    # Notes:
    #
    # This is only required if the site generates references to index.php with no
    # parameters. This rule will force a 301 redirect to the site root when a
    # request is made for "/index.php" with no query terms (?key=value).
    ###############################################################################
    #RewriteCond %{QUERY_STRING} ^$
    #RewriteRule ^index\.php$ / [R=301,L]
    
    
    ###############################################################################
    # Add any custom 301 redirects
    ###############################################################################
    # Notes:
    #
    # In general these should be few and far between. If you use a RewriteRule
    # be sure to add the L flag to let Apache mod_rewrite know to stop processing
    # and skip any RewriteRules defined later in the .htaccess file.
    ###############################################################################
    
    
    ###############################################################################
    # Redirect if request was for index.php (with or without query)
    ###############################################################################
    # Notes:
    #
    # This is a performance optimization. If the request is for index.php simply
    # pass the request on and do not process any other mod_rewrite directives in
    # this file.
    #
    # Basically this avoids the overhead of checking if index.php is a real file
    # or directory (used in subsequent mod_rewrite rules) before sending the
    # request to index.php.
    ###############################################################################
    RewriteRule ^index\.php$ - [L]
    
    
    ###############################################################################
    # Start Ultimate (SEO) URLs
    ###############################################################################
    # Notes:
    #
    # You should not make any changes in this section unless you really understand
    # how it will impact your web site. Mistakes can break things.
    ###############################################################################
    
    # Handles the new URL formats
    RewriteRule ^(.*)-c-([0-9_]+)/(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$4&cPath=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$4&cPath=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=$4&cPath=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-c-([0-9_]+)/(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=$4&cPath=$2&%{QUERY_STRING} [L]
    
    # Original (unchanged) URL formats
    RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-m-([0-9]+)(.*)$ index\.php?main_page=index&manufacturers_id=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-pi-([0-9]+)(.*)$ index\.php?main_page=popup_image&pID=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-pr-([0-9]+)(.*)$ index\.php?main_page=product_reviews&products_id=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-pri-([0-9]+)(.*)$ index\.php?main_page=product_reviews_info&products_id=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-ezp-([0-9]+)(.*)$ index\.php?main_page=page&id=$2&%{QUERY_STRING} [L]
    RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=$2&%{QUERY_STRING} [L]
    
    # Rewrite all other requests (if the file / directory does not exist)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index\.php?main_page=$1&%{QUERY_STRING} [L]
    
    # Protection against XSS (Cross-Site Scripting)
    Header set X-XSS-Protection "0"
    
    ###############################################################################
    # Add any other directives relating to the handling of physical files
    ###############################################################################
    # Notes:
    #
    # If processing makes it this far, the request was for a real file or folder.
    # Example: Adding further processing related to browser caching or security.
    
    # php -- BEGIN cPanel-generated handler, do not edit
    # Set the “ea-php73” package as the default “PHP” programming language.
    <IfModule mime_module>
      AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
    </IfModule>
    # php -- END cPanel-generated handler, do not edit

  6. #6
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,403
    Plugin Contributions
    87

    Default Re: GET query string being stripped from url

    Can you verify via the site's Apache access logs that those $_GET parameters are actually being sent?

  7. #7
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: GET query string being stripped from url

    It looks lke it is being passed
    Code:
    xxx.xxx.xxx.xxx - - [14/Jan/2020:13:41:55 +0000] "GET /test/index.php?main_page=request_a_quote&prod=362&itemnumb=4-18-Z-100 HTTP/1.1" 302 20 "http://domain.com/test/index.php?main_page=product_info&cPath=1_26&products_id=362" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36"
    And the result
    Code:
    xxx.xxx.xxx.xxx - - [14/Jan/2020:13:41:55 +0000] "GET /test/index.php?main_page=request_a_quote HTTP/1.1" 500 3347 "http://domain.com/test/index.php?main_page=product_info&cPath=1_26&products_id=362" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36"

  8. #8
    Join Date
    Jul 2012
    Posts
    16,719
    Plugin Contributions
    17

    Default Re: GET query string being stripped from url

    If I may also suggest. Since the htaccess file is there to support UsU, that USU be temporarily removed from the process by disabling it. Then if the issue still occurs, go ahead and reenable it.

    The other thing, and not necessarily likely would be to temporarily move the if statement to *before* the notifier. The movement of the if statement and whatever "indicating" action to before the notifier would remove the ever remote possibility that there is an observer affecting the results.

    As to superglobals' identification of information, that for the most part is reporting the condition "after" the page is loaded.

    As to what is seen in the browser, unless tracking ever bit of the communication the end result is what is seen and is what is the problem. A redirect would not necessarily be seen on the browser page address if all things were working smoothly.

    I am curious to find out how a link request that has parameters would not get seen as received. I mean, yeah it is an approach from the beginning instead of the end, but...
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  9. #9
    Join Date
    Aug 2009
    Location
    Longs, SC
    Posts
    626
    Plugin Contributions
    2

    Default Re: GET query string being stripped from url

    I turned off USU on the live site and it had no effect. I also commented out the notifier and had the first line echo the contents of the GET variable. It was empty. Still scratching my head.

  10. #10
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,403
    Plugin Contributions
    87

    Default Re: GET query string being stripped from url

    You might try adding a trigger_error to the top of the zen_redirect function:
    Code:
      function zen_redirect($url, $httpResponseCode = '') {
        global $request_type;
    trigger_error("zen_redirect($url, $httpResponseCode)", E_USER_WARNING);
        // Are we loading an SSL page?
        if ( (ENABLE_SSL == 'true') && ($request_type == 'SSL') ) {
          // yes, but a NONSSL url was supplied
          if (substr($url, 0, strlen(HTTP_SERVER . DIR_WS_CATALOG)) == HTTP_SERVER . DIR_WS_CATALOG) {
            // So, change it to SSL, based on site's configuration for SSL
            $url = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . substr($url, strlen(HTTP_SERVER . DIR_WS_CATALOG));
          }
        }
    
      // clean up URL before executing it
        $url = preg_replace('/&{2,}/', '&', $url);
        $url = preg_replace('/(&amp;)+/', '&amp;', $url);
        // header locates should not have the &amp; in the address it breaks things
        $url = preg_replace('/(&amp;)+/', '&', $url);
    
        if ($httpResponseCode == '') {
          session_write_close();
          header('Location: ' . $url);
        } else {
          session_write_close();
          header('Location: ' . $url, TRUE, (int)$httpResponseCode);
        }
    
        exit();
      }
    That would let you know if the redirect is coming from somewhere in "PHP land" or somewhere lower down in the stack (e.g. the .htaccess file).

 

 
Page 1 of 4 123 ... LastLast

Similar Threads

  1. v154 How to Get Count from Last Delete Query - Row Affected?
    By kwright in forum General Questions
    Replies: 3
    Last Post: 21 Feb 2016, 06:16 PM
  2. URL ends with a query string
    By lieven23 in forum General Questions
    Replies: 0
    Last Post: 18 Aug 2009, 09:24 PM
  3. How to remove zenid in query string?
    By suman07 in forum General Questions
    Replies: 6
    Last Post: 5 Feb 2008, 11:48 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR