Is it possible to make the URL index.php?view=something back into /something?
Asked
Active
Viewed 98 times
-1
masegaloeh
- 17,978
- 9
- 56
- 104
Kyle
- 552
- 2
- 5
- 16
-
Yes. The rewrite rules can manipulate any data it's given. You can't recover data lost in a previous rewrite (usually). – Chris S Dec 27 '10 at 01:49
1 Answers
2
RewriteCond %{QUERY_STRING} [&?]view=([^&]*)
RewriteRule index.php$ /%1
Note that, if you're not careful, a crafty attacker might be able to abuse this; for example, by generating arbitrary URIs by passing parameters to "view". Appropriate precautions should be taken.
Also, you might want to append an [L], [R], or [R=301] to the RewriteRule (or a combination thereof), depending on your exact intent.
BMDan
- 7,129
- 2
- 22
- 34
-
As long as the URL is rewritten to the same server, how can this technique be abused? (curious because this is how I do it on my website). – matpie Dec 27 '10 at 02:23
-
1One example off the top of my head: let's say you wanted to let rewritten index.php's be deeper than "/", so you had a rule like `RewriteRule index.php$ %1 [L,R]`. Imagine if I gave you the URI `http://www.yoursite.com/dir/index.php?view=http%3A%2F%2Fwww.evilattackersite.com`—what happens? – BMDan Dec 27 '10 at 02:53
-