MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.4.x Bug Reports > Internationalized domain name and redirect() function issue
Full Version: Internationalized domain name and redirect() function issue
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

bryn

2009-05-25, 05:50 PM
As you probably know, there is a way to put international characters in a domain name:

http://en.wikipedia.org/wiki/Internation...omain_name

Unfortunatelly, it doesn't seem to work well with MyBB. We had a thread on our Polish suppot concerning that problem:
http://www.mybboard.pl/polskie-znaki-w-a...-4737.html

In a nutshell: there was a MyBB installed at http://pierzchała.pl/forum/ (where "ł" is obviously an international character). Unfortunatelly, there was no way to log in as the user was redirected into "http://www.pierzcha&aring/;�a.pl/forum/index.ph" after a successful login. Seems like an encoding problem.

We managed to fix the problem by replacing the approporiate piece of code in redirect() function in inc/functions.php with the following:
    // Show redirects only if both ACP and UCP settings are enabled, or ACP is enabled, and user is a guest.
    if($mybb->settings['redirects'] == 1 && ($mybb->user['showredirect'] != 0 || !$mybb->user['uid']))
    {
        $url = str_replace("&", "&", $url);
        $url = htmlspecialchars($url);
        
        $url = explode('/',$url);
        $valid_url = 'http://www.xn--pierzchaa-xub.pl';
        $go = 0;
        foreach ($url as $key => $value)
        {
            if(($value=='forum')||($go==1))
            {
                $go = 1;
                $valid_url .= '/'.$value;
            }
        }
        if($go!=0) $url = $valid_url;
        else $url = implode('/',$url);
        eval("\$redirectpage = \"".$templates->get("redirect")."\";");
        output_page($redirectpage);
    }
    else
    {
        $url = str_replace("#", "&#", $url);
        $url = htmlspecialchars_decode($url);
        $url = str_replace(array("\n","\r",";"), "", $url);
        
        $url = explode('/',$url);
        $valid_url = 'http://www.xn--pierzchaa-xub.pl';
        $go = 0;
        foreach ($url as $key => $value)
        {
            if(($value=='forum')||($go==1))
            {
                $go = 1;
                $valid_url .= '/'.$value;
            }
        }
        if($go!=0) $url = $valid_url;
        else $url = implode('/',$url);
        
        run_shutdown();
        header("Location: $url");
    }
but I know that it's really a poor solution.

Ryan Gordon

2009-05-25, 06:49 PM
We use htmlspecialchars_uni or htmlentities to protect from XSS attacks in redirects - Those restrictions won't be removed easily

HotPockets

2009-05-29, 12:03 AM
(2009-05-25, 06:49 PM)Ryan Gordon Wrote: [ -> ]We use htmlspecialchars_uni or htmlentities to protect from XSS attacks in redirects - Those restrictions won't be removed easily

htmlentities($url, UTF-8);

Add UTF-8 to allow internation characters. (not sure if this special t (never even seen it) wont be filtered.)

P.S: Ironic how I can't even copy and paste the "t" to my notepad.

Ryan Gordon

2009-05-29, 01:20 AM
(2009-05-29, 12:03 AM)HotPockets Wrote: [ -> ]htmlentities($url, UTF-8);

And what if it isn't UTF-8 encoded data? What if the PHP build doesn't support UTF-8?

HotPockets

2009-05-29, 01:32 PM
(2009-05-29, 01:20 AM)Ryan Gordon Wrote: [ -> ]
(2009-05-29, 12:03 AM)HotPockets Wrote: [ -> ]htmlentities($url, UTF-8);

And what if it isn't UTF-8 encoded data? What if the PHP build doesn't support UTF-8?

Then it's not a webserver. It's a compiled junkward wrapped with metal.

Ryan Gordon

2009-05-29, 04:21 PM
(2009-05-29, 01:32 PM)HotPockets Wrote: [ -> ]
(2009-05-29, 01:20 AM)Ryan Gordon Wrote: [ -> ]
(2009-05-29, 12:03 AM)HotPockets Wrote: [ -> ]htmlentities($url, UTF-8);

And what if it isn't UTF-8 encoded data? What if the PHP build doesn't support UTF-8?

Then it's not a webserver. It's a compiled junkward wrapped with metal.

So then you'll be the one to tell that to all the users who are running PHP 4 and don't have UTF-8 abilities?

User 2877

2009-06-01, 10:03 PM
It would be nice if mybb supported IDN's in URL's.

Quote:And what if it isn't UTF-8 encoded data? What if the PHP build doesn't support UTF-8?

Sounds like the need for an IF statement.

Quote:So then you'll be the one to tell that to all the users who are running PHP 4 and don't have UTF-8 abilities?

http://us.php.net/phpversion

Pretty sure mybb uses that in it's code already. Why not here too?

I also thought mybb was going to drop support for php4? I can't find the thread so maybe you can update us on that. I am sure the need to support php4 is dwindling.

Ryan Gordon

2009-06-01, 10:26 PM
(2009-06-01, 10:03 PM)labrocca Wrote: [ -> ]I also thought mybb was going to drop support for php4? I can't find the thread so maybe you can update us on that. I am sure the need to support php4 is dwindling.

What's the need to update? It's the same as before - It will be dropped for 1.6, yes.

User 2877

2009-06-01, 11:05 PM
Ahh...wasn't exactly sure of the exact drop date. I just thought I remembered it being mentioned. So can we assume that IDN support will be addressed at that point?

Ryan Gordon

2009-06-01, 11:46 PM
(2009-06-01, 11:05 PM)labrocca Wrote: [ -> ]Ahh...wasn't exactly sure of the exact drop date. I just thought I remembered it being mentioned. So can we assume that IDN support will be addressed at that point?

Depends. Just because you have PHP 5 doesn't mean you have unicode/UTF-8 support
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.4.x Bug Reports > Internationalized domain name and redirect() function issue