Thursday, April 13, 2017

PHP - URL gets malformed during redirect

So, I have an image link that has this href:

http://www.app.com/link?target=www.target.com&param1=abc&param2=xyz

This is processed like so (I use laravel):

function out (Request $request) {

    $url = $request->target;

    $qs = $request->except('target');
    if ( !empty($qs) ) {
        $url .= strpos($url, '?') !== false ? '&' : '?';
        $url .= http_build_query($qs);
    }

    return redirect($url);
}

Most of the time, this works. However, lately, we've been experiencing an issue where param1 and param2 are attached to the URL in a seemingly infinite loop causing us to hit a 414 Request URI too long Error.

The problem is that it happens so randomly that I really don't know where to check because I added a checker before the return statement.

if ( substr_count($url, 'param1') > 1 ) {
    $file = storage_path() . '/logs/logger.log';
    $log = "[ " . date("d-m-Y H:i:sa") . " ] [ {$request->ip()} ] - {$url} \n";
    file_put_contents($file, $log, FILE_APPEND);
}

And it hasn't logged a single hit. Even after our testers experienced the bug.

Is it possible that the receiving application is breaking the URL somehow? What information should I be looking out for? Have you seen an issue like this before?

Is it the http_build_query that could be causing this and that my checker just doesn't work as expected (though, I did test it and it logged my test URL).

Any help on the matter would be great.



via clueless

Advertisement