realurl

Domain _GET vars can be overridden

Open andreaswolf opened this issue 8 years ago • 4 comments

When a domain has configured a $_GET var (most prominently L), a visitor can still set that variable to a different value, leading e.g. to a different language being shown. The decode step will then not set the preconfigured value (see adjustConfigurationByHostDecode()).

IMO if a variable is defined in the domain record, it should not be changeable from the outside, or at least there should be an option to declare the value immutable.

andreaswolf, Feb 08 '17 20:02

domain record? you mean the domain realurl config right?

helhum, Feb 08 '17 22:02

mind creating a pull request for this?

helhum, Feb 08 '17 22:02

> domain record? you mean the domain realurl config right?

Right, of course… was a little too late for me :)

> mind creating a pull request for this?

Sure, can do that. In general I consider this a bug, but as the domains feature of RealURL is AFAIK only documented in a blog post, it is unclear if it is probably intended. I would therefore add an option to the decode entry with a list of immutable GET vars, which is checked in the aforementioned method.

andreaswolf, Feb 09 '17 08:02

We discovered a bug with my approach, leading to the preview feature not working anymore. This should be fixed, I’ll create a pull request afterwards.

andreaswolf, Mar 06 '17 21:03
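
One way the immutable GET var list proposed in this thread could behave, as an added example that is not RealURL's code or the patch discussed above. The function name, its parameters and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Merge the GET vars preconfigured for a domain into the request's GET vars.
 * Hypothetical helper: the name, the parameters and the immutable list are
 * assumptions for illustration, not RealURL's API.
 *
 * @param array $requestVars   GET vars as sent by the visitor
 * @param array $domainVars    GET vars configured for the matched domain
 * @param array $immutableVars names the visitor must not override
 * @return array [effective vars, rejected override attempts]
 */
function applyDomainGetVars(array $requestVars, array $domainVars, array $immutableVars): array
{
    $effective = $requestVars;
    $rejected = [];
    foreach ($domainVars as $name => $configured) {
        if (!array_key_exists($name, $requestVars)) {
            // Nothing sent by the visitor: apply the domain's value.
            $effective[$name] = $configured;
            continue;
        }
        if (in_array($name, $immutableVars, true)) {
            $sent = $requestVars[$name];
            // Array-valued input (L[]=2) can never equal the configured scalar.
            if (!is_scalar($sent) || (string)$sent !== (string)$configured) {
                $rejected[$name] = $sent; // keep for logging or a redirect decision
            }
            // Pinned variable: the configured value always wins.
            $effective[$name] = $configured;
        }
        // Not pinned: the visitor's value stays (the behaviour reported in the issue).
    }
    return [$effective, $rejected];
}

// Constructed sample: a domain configured with L=1, a request that sends L=2.
$domainVars = ['L' => '1'];
$request = ['id' => '42', 'L' => '2'];

// Empty immutable list: the request value survives the merge.
[$vars] = applyDomainGetVars($request, $domainVars, []);
echo 'no immutable list: ', json_encode($vars), PHP_EOL;

// 'L' declared immutable: the configured value is enforced and the attempt recorded.
[$vars, $rejected] = applyDomainGetVars($request, $domainVars, ['L']);
echo 'L immutable:       ', json_encode($vars), ' rejected=', json_encode($rejected), PHP_EOL;
```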