Sibidharan Sibidharan - 4 months ago 14
PHP Question

$_GET dynamic method call malfunctioning as index.php

This is my

.htaccess


RewriteBase /action
RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-s
RewriteRule ^(.*)$ action.php?fid=$1 [QSA,NC,L]

RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ action.php [QSA,NC,L]

RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^(.*)$ action.php [QSA,NC,L]


So this is placed in folder
/action


Now the file
http://domain/action/action.php?fid=
can be called as
http://domain/action/{fid}
where
fid
is function name which is called like below:



<?php
class Actions{

function call($func){
if(method_exists($this, $func) == true){
$this->$func();
} else {
http_response_code(403);
echo "403 Forbidden";
}
}

private function deleteFile(){
if(isset($_POST['auth'])){
if(!cookie_login($_POST['auth'])){
echo '403';
} else {
if(isset($_POST['token'])){
if(delete_file($_POST['token'])){
echo '200';
} else {
echo '500';
}
} else {
echo '404';
}
}
} else {
echo '404';
}
}
}

print_r($_GET);
$action = new Actions();
$action->call($_GET['fid']);


Now I am calling
deleteFile()
method like
http://domain/action/deleteFile
which has
$_GET['fid']
equals
deleteFile
as per the code.

But, that is not happening.

Case 1 Output:

Method:
POST


URL:
http://domain/action/deleteFile


Array
(
[fid] => index.php
)
403 Forbidden


Case 2 Output:

Method:
GET


URL:
http://domain/action/deleteFile


Array
(
[fid] => deleteFile
)
404


Description: There is no POST parameters here, that why it is echoing 404, but method executing.

Try 1: Change
$_GET
and
$_POST
into
$_REQUEST


Results doesn't change.

Now look at the Case 1 Output.

fid
should be
deleteFile
but it is
index.php
. If I comment out the
$this->$func();
which is inside the
Action->call($func)
method, here is the output.

Method:
POST
or
GET


URL:
http://domain/action/deleteFile


Array
(
[fid] => deleteFile
)


which shows, only when
$this->$func();
this line is there in
Action->call($func)
, it is not malfunctioning. Where the
index.php
comes from? Weird!!

I really have no idea about this issue. Please help.

Answer

It appears that your cookie_login function is probably messing with the $_REQUEST['fid'] variable. All the other code seems to be working as expected when I spun it up in a local dev instance.