What does this PHP redirect page do?

I inherited an old looks like PHP 5.x site. I stood it back it back up. However it looks like before the site went down one of the files, a file called redirect.php, was lost. I can tell this from the Internet Archive. Additionally when i got a dump of the old site it doesn’t have it either .I’m trying to figure out how to rebuild this or at least recreate the functionality.

It appears all the file did was send the user to another url, possibly putting the contents of the site in the same frame. Here’s an example of how this is used. The result ends up being a 404 error within a frame on the main site. I am in no way a PHP coder, not trying to be, but is there some way of creating something in PHP that would rebuild this? I’m sure I could instead replace all instances of urls like this with just the url of the target site. I assume the result would be the site would not appear in the same frame maybe. This would be ok and what I might resort to. Thanks ahead of time.

https://www.mysite.com/redirect.php?url=http://www.someothersite.com

I did find this topic but I’m not clear what I would put in the redirect.php file which i don’t have on my site. I’m assuming this is my problem and i need to create one.

Looks like the redirect.php file just has to contain the following. The result is a new tab is opened. Learning something. Interestingly if you put a /?ref=http://www.mysite.com then it will open in the same tab. i found one place in all of my site where this is done. All other places it doesn’t use this and therefore opens in a new tab.

<?php header( 'Location: '.$_GET['url']); ?>

Maybe first encode the $_GET variabele to get a valid URL?

Second: Place an exit(); command after the header function to terminate your script while it may continue otherwise.

<?php
if(isset($_GET['url']) {
    $cleanUrl = urlencode($_GET['url']);
    header( 'Location: ' . $cleanUrl); 
    exit();
}
?>

Thanks for replying. For the urlencode is this mainly to prevent someone trying to manually create a url for malicious reasons? Or is the purpose to catch mistakes I may make?

I did look for instance today and catch the former maintainer of this site in one area uses the redirect already adding in http://www but then in the database where the URLs are for some urls adds http://www again and some they don’t. This causes errors for instance http://www/http:www. So I have to decide whether to correct the code or database entries.

For the following code I get a 500 error.

image

If I do the following I get a 404, I think 404 because the url it’s trying to go to is \http:\ which isn’t valid. Maybe the encode plus how the code is in combination is screwing this up.
image

OK the 500 error was caused by a missing end parentheses in this line:

if(isset($_GET[‘url’]) {

The correct one is this:

if(isset($_GET[‘url’])) {

Not just have to figure out the 404 error. I get the following. Just an example of one of the urls for redirection.

image

Here’s what the URL in the browser ends up looking like.

https://192.168.56.2/http%3A%2F%2Fwww.barbermotorsports.com

UpdateL If I use the urldecode function it works. Shouldn’t that be what I use instead of urlencode? Looks like it may be a made idea to use urldecode anyways.

https://www.php.net/manual/en/function.urldecode.php

Warning

The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUESTcould have unexpected and dangerous results.

You’ll always have to encode/decode when transporting values that may contain URL specific characters - how else would you differentiate?

Sorry bit of a beginner. As mentioned I read the urldecode(which works) is a bad practice when using _GET and when I use urlencode it doesn’t work as shown above. I’m not sure to be honest which one I should be using. I assume the goal is the url is being opened by header should have it’s special characters converted to ASCII to make sure it’t interpreted correctly. I don’t use urlencode at all at present and it works correctly so therefore should I still try to make I assume urlencode work?

Sponsor our Newsletter | Privacy Policy | Terms of Service