PHP_SELF causes 403


Postby dday9 » 13. October 2017 03:53

I'm running across an issue where I want to set the action attribute of a form to the following:
Code:
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"


However, whenever I do this I get the following error in Apache's PHP error log file:
(20024)The given path is misformatted or contained invalid characters: [client 127.0.0.1:61626] AH00127: Cannot map POST [name removed]/%3C?php%20echo%20htmlspecialchars($_SERVER[%27PHP_SELF%27]);?%3E HTTP/1.1 to file, referer: http://127.0.0.1/[name removed]/admin.php


I have read online that the error comes from the %3C code which represents the '<' character and that because this character is used in Windows filesystem paths, Apache is blocking it. My question to y'all is if there is a known workaround to this problem?
dday9
 
Posts: 6
Joined: 12. October 2017 18:08
XAMPP version: 3.22
Operating System: Windows 10

Re: PHP_SELF causes 403

Postby Altrea » 13. October 2017 06:45

Hi,

Which XAMPP version are you using? => [Q&A] Insufficient debug information - base information
We need a full code example
We need to know what metadata the file containing the code has (full path and filename, charset)
We need to know how you run the code (URL, Browser version)

Without this information it is impossible for me to identify the issue.

best wishes,
Altrea
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: PHP_SELF causes 403

Postby Nobbie » 13. October 2017 09:57

Altrea wrote: Without this information it is impossible for me to identify the issue.


I can try...

@dday9:

Due to the error message you

a) probably did not provide us the real code (please: always copy&paste code, do NOT type it in), which hides the actual error

b) you are using the wrong quote characters in your action= clause. Here it seems as if you stacked the double quotes (but this would lead to a different error; I am not 100% sure about that, it might result in the same error). As you cannot stack the same quotes in that environment, you should use double quotes outside and single quotes inside. Please copy&paste the following line into your script (do NOT type it in) and try again:

Code:
action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"


If this does not fix the issue, you have a problem with PHP code, it's obviously not executed in your environment. In that case follow Altrea's advice and provide more information.
Nobbie
 
Posts: 13170
Joined: 09. March 2008 13:04

Re: PHP_SELF causes 403

Postby dday9 » 13. October 2017 14:05

So, I did provide y'all with the real code (I didn't type it in, it was copy and pasted).

The version of xampp that I'm using is v3.2.2.
The charset is utf-8.
The browser is Chrome 61.0.3163.100.

I'm building the HTML from PHP in essentially a config file here:
Code:
<?php
  return array(
    'forgot_password' => '...',
    'insert_customer' => '...',
    'update_settings' => '...',
    'insert_user' => '<div class="modal fade" id="frmCreateUser" tabindex="-1" role="dialog" aria-labelledby="frmCreateUserLabel" aria-hidden="true"> <div class="modal-dialog" role="document"> <div class="modal-content"> <div class="modal-header"> <h5 class="modal-title" id="frmCreateUserLabel">Create User</h5> <button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">&times;</span> </button> </div><form action="<?php echo htmlspecialchars($_SERVER[' . "'PHP_SELF'" . ']);?>" class="modal-body" method="post"> <div class="form-group"> <label for="txtCreateUserName">Display Name</label> <input type="text" class="form-control" name="display_name" id="txtCreateUserName" placeholder="Display Name" required="required" /> </div><div class="form-group"> <label for="txtCreateUserEmail">Email Address</label> <input type="email" class="form-control" name="email" id="txtCreateUserEmail" placeholder="username@domain.com" required="required" /> </div><input class="btn btn-primary" role="button" type="submit" value="Submit" /></form> </div></div></div>');
?>


And then the PHP code that is throwing the 403 error is the following:
Code:
<?php
  /* validate login */
  /* if(!array_key_exists('id',$_SESSION) || empty($_SESSION['id'])) {header('Location: index.php'); exit();} */

  $confirmationMessage = '';
 
  if ($_SERVER["REQUEST_METHOD"] == "POST") {
    try {
      $configs_database = include('php/config_database.php');

      // Database variables
      $dbHost = $configs_database['host'];
      $dbUsername = $configs_database['username'];
      $dbPassword = $configs_database['password'];
      $dbName = $configs_database['name'];

      /* Create connection */
      $dsn = "mysql:dbname=$dbName;host=$dbHost;charset=utf8mb4";
      $db = new PDO($dsn, $dbUsername, $dbPassword);
      $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

      // Check if there is an existing user with that email
      $stmt = $db->prepare("SELECT COUNT(email) FROM user WHERE email=:email AND isActive='True';");

      // Parameterize the query
      $stmt->bindValue(':email', $_POST['email'], PDO::PARAM_STR);

      // Execute the query and return the results into $row
      $stmt->execute();
      $rowCount = $stmt->fetchColumn();

      if ($rowCount == 0) {
        // Create a random password and hash it (password_hash is a one-way hash, not encryption)
        $password = password_hash(/*randomPassword()*/'admin', PASSWORD_DEFAULT);

        // Insert a new user with the desired display_name and email
        $stmt = $db->prepare("INSERT INTO user (display_name, email, password, isActive) VALUES (:display_name, :email, :password, :isActive);");
       
        // Parameterize the query
        $stmt->bindValue(':display_name', $_POST['display_name'], PDO::PARAM_STR);
        $stmt->bindValue(':email', $_POST['email'], PDO::PARAM_STR);
        $stmt->bindValue(':password', $password, PDO::PARAM_STR);
        $stmt->bindValue(':isActive', True, PDO::PARAM_BOOL);

        // Execute the query
        $stmt->execute();
       
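        // Escape the user-supplied name before placing it in HTML output
        $confirmationMessage = '<div class="alert alert-success" role="alert">' . htmlspecialchars($_POST['display_name'], ENT_QUOTES, 'UTF-8') . ' was created and a temporary password was emailed.</div>';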
        exit();
      } else {
        $confirmationMessage = '<div class="alert alert-light text-danger" role="alert">A user with this email already exists.</div>';
      }
     
      // Explicitly close the connection
      $db = null;
    } catch(PDOException $ex) {
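      // Log the exception server-side; echoing it would expose connection details to the client
      error_log((string) $ex);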
      $confirmationMessage = '<div class="alert alert-danger" role="alert">There was an error connecting to the database. If this error persists, contact the website administrator.</div>';
    }
  }
 
  function randomPassword() {
      $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
      $pass = array(); //remember to declare $pass as an array
      $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
      for ($i = 0; $i < 8; $i++) {
          // random_int() (PHP 7+) uses the OS CSPRNG; rand() is predictable and unsuitable for passwords
          $n = random_int(0, $alphaLength);
          $pass[] = $alphabet[$n];
      }
      return implode($pass); //turn the array into a string
  }
?>
dday9
 
Posts: 6
Joined: 12. October 2017 18:08
XAMPP version: 3.22
Operating System: Windows 10

Re: PHP_SELF causes 403

Postby Chikwado » 13. October 2017 14:20

This Network Does Not Teach Code. It's xampp support
Chikwado
 
Posts: 39
Joined: 16. July 2014 13:44
Location: Abuja, Nigeria.
XAMPP version: 3.2/php 7.2
Operating System: Window 8.1 32bits

Re: PHP_SELF causes 403

Postby dday9 » 13. October 2017 14:31

I understand and I'm not looking to be taught code, I want to know why I am getting a 403 error.
dday9
 
Posts: 6
Joined: 12. October 2017 18:08
XAMPP version: 3.22
Operating System: Windows 10

Re: PHP_SELF causes 403

Postby dday9 » 13. October 2017 14:46

I found the workaround: I simply omitted the action attribute. Since I'm using the HTML5 doctype, the browser will still submit the form.
dday9
 
Posts: 6
Joined: 12. October 2017 18:08
XAMPP version: 3.22
Operating System: Windows 10

Re: PHP_SELF causes 403

Postby Nobbie » 13. October 2017 15:45

You see, if you had shown us the full code immediately, I could have told you that THIS does not work. You try to generate PHP code within PHP code, but that is not executed twice. The PHP code generates PHP code, but this is plainly sent to the browser and the browser does not understand PHP. That causes the error. Obviously you are using a kind of CMS or similar for generating HTML code. You must not include PHP code in that HTML code.
Nobbie
 
Posts: 13170
Joined: 09. March 2008 13:04

Re: PHP_SELF causes 403

Postby Altrea » 13. October 2017 16:16

dday9 wrote: The version of xampp that I'm using is v3.2.2.

No, you are not. Read the post I linked to get more information about the xampp version number.

dday9 wrote: I found the workaround: I simply omitted the action attribute. Since I'm using the HTML5 doctype, the browser will still submit the form.

Be aware that omitting the action attribute in HTML5 is allowed by the specification (the attribute is not allowed to have an empty value, but it is allowed to be omitted completely) but it is not specified that a browser has to send the form in such situations to the same URL it was sent from.
So the worst case could be that a browser changes its behavior, or different browsers react differently to omitted action attributes.

More to read about the HTML5 specification on form action attribute here: https://www.w3.org/TR/html5/forms.html#attr-fs-action

It is best practice to always use the action attribute with a valid value if you want form data to be sent to a URL.
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64
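
An added example, not part of the original thread: one way to keep an explicit, valid action value when the form HTML lives in a config array, by storing a placeholder in the string and substituting the escaped PHP_SELF when the page is rendered. The names render_template, $templates and the {{action}} placeholder, as well as the sample paths, are assumptions made for illustration.

```php
<?php
// Added example: render_template(), $templates and the {{action}} placeholder
// are hypothetical names, not taken from the thread.

// Config-style template array as in the thread, but with a placeholder where
// the embedded PHP tag used to be. A single-quoted string is never evaluated
// as PHP, so a PHP tag inside it reaches the browser as literal text and the
// browser then posts to that literal text as if it were a URL.
$templates = array(
    'insert_user' =>
        '<form action="{{action}}" class="modal-body" method="post">'
      . '<input type="email" name="email" required="required" />'
      . '<input class="btn btn-primary" type="submit" value="Submit" />'
      . '</form>',
);

// Replace every {{name}} placeholder with its HTML-escaped value.
function render_template($html, array $values)
{
    $map = array();
    foreach ($values as $name => $value) {
        $map['{{' . $name . '}}'] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return strtr($html, $map);
}

// In the page that includes the config, PHP_SELF is read at request time.
// The fallback path is a constructed value so the script also runs from the CLI.
$self = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['PHP_SELF'] : '/myapp/admin.php';
echo render_template($templates['insert_user'], array('action' => $self)), "\n";

// PHP_SELF also carries any extra path info the client appended to the URL,
// so it is user-influenced input. Escaping inside render_template() keeps the
// quote and angle brackets in this constructed value inside the attribute.
$crafted = '/myapp/admin.php/"><b>injected</b>';
echo render_template($templates['insert_user'], array('action' => $crafted)), "\n";
```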

