I tried to clean the strings from requests with the help of a function
file.php
<?php
echo 'test';
if(isset($_GET) && !empty($_GET))
foreach ($_GET as $key => $value) {
if(!empty($value))
$_GET[$key] = sanit($value);
}
sanit($item) {
if(is_array($item)) {
foreach($item as $key => $val) {
$inputstring[$key] = sanitizare($val);
}
} else {
$item= filter_var($item, FILTER_SANITIZE_STRING);
$item= filter_var($item, FILTER_SANITIZE_MAGIC_QUOTES);
$item= preg_replace('/(0x)(\d{2,})/i', 'OOO', $item);
$item= preg_replace('/(0o)(\d{2,})/i', 'OOO', $item);
$item= preg_replace('/(0b)(\d{2,})/i', 'OOO', $item);
}
return $item;
}
I import this file.php with htaccess, but it does not identify the requests, but echo works:
php_value auto_prepend_file "...file.php"
Because I didn't succeed with this method, I'm thinking if I can rewrite all requests in htaccess.
I have this link: http://domain/test/test1.php?ref=0x12546.
How can I change from 0x12546 to 000
My Answer:
You can use the following code in your .htaccess file to add a condition and replace a string from a parameter in PHP:
apache
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)oldstring(.*)$
RewriteRule ^(.*)$ $1?%1newstring%2 [L]
This code will check if the query string contains "oldstring" and replace it with "newstring" in the URL. Make sure to replace "oldstring" and "newstring" with the actual strings you want to replace.
Additionally, you can create a function in your function_file.php to clean the strings from requests. Here is an example of how you can do this:
php
function cleanQueryString($queryString) {
$queryString = str_replace('oldstring', 'newstring', $queryString);
return $queryString;
}
// Usage
if(isset($_GET['parameter'])) {
$_GET['parameter'] = cleanQueryString($_GET['parameter']);
}
This function will replace "oldstring" with "newstring" in the parameter value. You can call this function before using the parameter in your PHP code to ensure that the string is cleaned.
Rate this post
3 of 5 based on 7760 votesComments