Pass encrypted email in url in nop commerece - asp.net-mvc-3

I want to pass encrypted email in url,but its not working on server,
while it is working on localhost.
I check the encrypted email- It contains some specific character like + , =
all those url which contains + sign are not working on server. but it working on localhost.
for example-
url format - {controllername}/{methodname}/{encrypted email}/{bool}
working url-
www.test.com/home/index/IZoc1QJlukTro7XN4kTaRDoy7mPNS-14YjKeZsXeyt3XsL4tXbLUPQ==/false
not working url-
www.test.com/home/index/KV6UWqy5fN7FY+lZuMAQ5nvA0+X4f8sQyB0la+-bSawUPEY1TIHK-C2bUdZUBRA6/false
not working url gives error like
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Thoughts ?

You should pass it as an url encoded query string parameter and not as part of the route:
http://www.test.com/home/index?email=IZoc1QJlukTro7XN4kTaRDoy7mPNS-14YjKeZsXeyt3XsL4tXbLUPQ%3D%3D%2Ffalse
If you want to pass some string as part of the route you should ensure that it doesn't contain dangerous characters which is your case. Scott Hanselman wrote a nice and detailed blog post on the difficulties that you might encounter if you attempt to pass such strings as part of the route here: http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx
I will quote his conclusion if you don't want to go through the entire post:
After ALL this effort to get crazy stuff in the Request Path, it's
worth mentioning that simply keeping the values as a part of the Query
String (remember WAY back at the beginning of this post?) is easier,
cleaner, more flexible, and more secure.

Related

Laravel route query get email address from query value instead of key

I have encountered an issue regarding Laravel 8 routes.
And I am unable to find a solution to this problem.
For example, I have this route format in Laravel:
$domain/password_reset?$email
Where it will look like this:
http://test-website.com/password_reset?test#gmail.com
I am aware that query parameters have ?key=value format. However in my case, the provided route format is what is expected (by client). Not the conventional key=value way. Also, the url link is clicked from an email. Wherein the link in the email uses the exact route format given (not url-encoded).
The sample request query that is fetched in the controller is as follows:
If you would notice, the email became a key (which is expected). And since it is a key, . has been changed to _. Instead of gmail.com it became gmail_com.
Would there be a better solution to get the exact email address from the url (not url-encoded) in this route format? Hopefully someone can help me with this. Thank you very much in advanced!
You should get the request query and parse it yourself:
[$path, $query] = explode('?',$request->fullUrl())
In the exemple above $query should hold everything after ? on the URL.
Alternativelly you can just get the key of the array you already have:
$email = array_keys($request->all())[0]

How can I get URL information following "#" in Koa

I have a URL that in the browser shows like this https://localhost:3000/location#valueIwant=1234.
I am trying to get access to the valueIwant value but all of the items I try ctx.request.path, ctx.request.href, etc but all seem to not have the values after #. How do I parse this part of the url.
Also this is coming from a redirect.
Everything after the # is not sent to the server. The purpose of the fragment is to create a link to a specific subsection of a page.
If you want to send specific parameters to the server, the right way to do it is to use the query part (everything after ?), not the fragment part. This is by design.

I need to convert any string without GET parameters

I need to convert any string without GET parameters:
www.mysite.com/?a=5&s=5 ---> www.mysite.com/
www.mysite.com/books/?bla=blabla&bla=4 ---> www.mysite.com/books/
I need to hide $_GET parameters.
I cant use POST parameters.
How can i do this ?
Then use POST.
POST-Data is not visible in the url and can be used like GET, but has to be pushed from a HTML-Form or something
Variables submitted by the method GET go in the URL, so it's impossible to hide them. However, you can make them prettier using the MVC architectural pattern. It's a more sofisticate solution that really pays off, in terms of organization.
For example, URLs like mysite.com/?a=5&s=5 would become mysite.com/5/5
You used $_GET[], so I assume you're using PHP. Take a look at Laravel or Phalcon.
In case you do not want to show any of the variables, you have to use POST. Data submitted by POST is inserted in the body of the HTTP request. Please, keep in mind that the body will not be encrypted, unless you use HTTPS.

Adding a UNIQUE ID to the URL parameter if the XMLHttp Open Method - What does this mean and how is it done?

I need help understanding AJAX. I am going through the tutorial on W3C schools ( creating a button that opens text file on the server and displays the result in a div)
One part of the tutorials seems abstract to me, without sufficient explanation. I am sure its a pre-requisite that I have missed or not aware of, detailing below
To avoid getting a cached result in response to an XMLHttpRequest made to the server, the tutorial says one needs to ADD A UNIQUE ID to the URL parameter in the XMLHttp Open Method which has been done (in the tutorial) by adding a ?, another character (t) and an = after the file extention followed by joining a random number to the URL (using Math.random()). See code below.
A simple GET request would be like:
xmlhttp.open("GET","demo_get.asp,true); \\I can understand this
Unique ID added to URL
xmlhttp.open("GET","demo_get.asp?t=" + Math.random(),true); \\ I can't undersatnd this
'?' , 't' & a random number generator added to demo_get.asp - Why T, why not P Q R Z ?? Why "?" after .asp
Should the compiler not go bonkers and report an error if arbitary characters are added to the file location. How is the part of the URL after the file extention handled as in this case ?t= + Math.random()
This has been a case of much agony and frustration for the last 3 days cause I don't get which part of JS i have missed here, what do you call this concept and where can I read it ??
This apart, specifying message headers while sending data - What are HTTP headers and what do they mean. How do I decide what the parameters of the setRequestHeader() method shall be ?
Please help. Rest of Ajax is clear to me.
(I haven't read on the second part - the message headers. I have asked that query here to avoiding posting another question later, just in case it turns out to be as eluding and enigmatic as the UNIQUE ID concept - Apologies in case its a direct simple question I ought to read up myself)
Cache compares the requested URL with those present with it, if a unique id is added to the URL, it does not match and the browser treats it as a fresh GET request, which then is forwarded to the server. This is a standard way to bypass / disable browser caching.
Please refer this document for a better understanding of browser Caching.
See Page No 4, which explains the same thing as stated above.
http://www.f5.com/pdf/white-papers/browser-behavior-wp.pdf

Merb authentication question, _message variable

Im using merb, and getting weird variable in url after authentication. I figured out that variable contains base64 encoded data, but cannot understand why its appearing there, even if everything works ok. Just curious
It looks like this: http://foo.bar/?_message=....data....
What this variable for and what does it do ?
_message is the way that Merb sends 'flash' messages. I believe that it is being encoded to make it harder to spoof (i.e. insert arbitrary text on your Web page) but to keep the state in the URL

Resources