Redirect Errors

69 Posts

jeffsydor Reply #1, 6 years, 2 months ago

I have an odd problem with some URLs for an installation that I’ve taken over.

Our employee biography page content is being redirected to from another URL via a parameter that uses their usernames. However, the issue is only usernames that end in a number 3 are directed to a 404 error page. These requests are coming from our intranet.

For example: http://www.bipc.com/bio?id=JACOBSO3
Should populate content from: http://www.bipc.com/richard-jacobson
Sample that works: http://www.bipc.com/bio?id=DOUGHER1

The link method from the intranet is not typical either. It's done using an onClick on the enclosing div:

onclick="OnReportSelect('JACOBSO3','http ://www.bipc.com/bio?id=')"

This is the case with any usernames ending in 3 (3, 13, 93, 458283, etc…). I’ve tried to find this “bio” page but it doesn’t seem to exist. Other than the primary JS file, there are no other scripts that are running to examine. Also, there is nothing special on the page templates that points to this action. I’ve tried manually redirecting the pages to their main URLs from the .htaccess file with no luck with this. I’m also not very experienced with regex yet. [b]First try:[/b]

Redirect 302 /^bio?id=JACOBSO3 /richard-jacobson/

[b]Second Try:[/b]

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$

RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

RewriteRule ^bio?id=JACOBSO3/?$ /richard-jacobson [R=301,L,NC]

[b]Latest Try:[/b]

RewriteRule ^bio\.id\.JACOBSO3?$ /richard-jacobson [NC,L]

I’m assuming my error has something to do with the special characters following “bio”. But I’m not sure how to correct those. Any help would be appreciated. Thanks

This question has been answered by jeffsydor. See the first response.

[ed. note: jeffsydor last edited this post 6 years, 2 months ago.]

571 Posts

Andy Tough Reply #2, 6 years, 2 months ago

It looks like the pages may be referencing vcard files.

If you look at the source code for http://www.bipc.com/richard-jacobson there is the following. vcard 561 is richard-jacobson.

<div class="contact-widgets">
									<div class="widget">
										<a href="http://www.linkedin.com/in/richardajacobson" class="linkedin">REACH OUT ON LINKEDIN</a>
									</div>
									<div class="widget">
										<a href="vcard.vcf?id=561" class="vcard">DOWNLOAD vCARD</a>
									</div>
									<div class="widget">
										<a href="" class="print">PRINT MY BIO</a>
									</div>
								</div>

If you go to resource 561 on your site, it is Richard Jacobson.
http://www.bipc.com/index.php?id=561

I know this doesn't solve your problem but perhaps it will help you unravel what is going on?!

If I help you out on these forums I would be very grateful if you would consider rating me on Trustpilot: https://uk.trustpilot.com/review/andytough.com

email: [email protected] | website: https://andytough.com

69 Posts

jeffsydor Reply #3, 6 years, 2 months ago

What makes you think that vcards would be the problem?

1,154 Posts

nuan88 Reply #4, 6 years, 2 months ago

Pretty interesting. vcard is involved because it is used to get the bio, which is there.

That onclick link is intended to connect username JACOBSO3 with the resource id number of the bio, 561, but it doesn't. Its possible that one or the other has changed, but not likely given the set of bad links.

Given that the number 3 is the only offending one, I would suspect collation, tbh, vcard or the db may be expecting utf8 for example, but getting something funky.

69 Posts

jeffsydor Reply #5, 6 years, 2 months ago

Don't know if this helps any, but this is the plugin that seems to be managing it. I'm not seeing how this could be returning an error when the TV AttorneyEmployeeID ends in a 3. >:(

<?php
//error_reporting(E_ALL);
//ini_set('display_errors','1');

if ($modx->event->name != 'OnPageNotFound') {return false;}
$alias = $modx->context->getOption('request_param_alias', 'q');
if (!isset($_REQUEST[$alias])) {return false;}

$request = $_REQUEST[$alias];
$tmp = explode('/', $request);
// let's check $tmp[0], it have to be among of the next containers: unis, courses, reviews,ODs, videos
// TODO: values mask checking!!!!

if("bio" == trim(htmlspecialchars(urldecode($tmp[0])),ENT_QUOTES)){  // attorney page for CRM needs only
    $q = $modx->newQuery('modResource');
    $q->leftJoin('modTemplateVarResource','TV','TV.contentid=modResource.id');
    $q->where( array(
        'template' => 16, //Attorneys
        'context_key' => $modx->context->key,
        'TV.tmplvarid' => 61,  // AttorneyEmployeeID
        'TV.value' => strtoupper(trim(htmlspecialchars(urldecode($_GET['id'])),ENT_QUOTES)) //htmlspecialchars(urldecode($_GET['id']))
    ));
    $q->select(array('modResource.id'));
    $q->prepare();
    $q->stmt->execute();
    $att = $q->stmt->fetch(PDO::FETCH_ASSOC);
    if(!$att) return false;
    $modx->sendForward($att['id']);
}

$q = $modx->newQuery('modResource');
$q->where( array('alias' => $tmp[0], 'template:IN' => array(16,12,28,22,37,38,45,50), 'context_key' => $modx->context->key) );
$q->select(array('id'));
$q->prepare();
$q->stmt->execute();
$cont = $q->stmt->fetch(PDO::FETCH_ASSOC);
if(!$cont) return false;
$_GET['type'] = $_REQUEST['type'] = $tmp[1];
$modx->sendForward($cont['id']);

69 Posts

jeffsydor Reply #6, 6 years, 2 months ago

Sorry for all the postings. But I think I found the error. I'm not sure what to do however.

On lines 26-28, there's this code:

$att = $q->stmt->fetch(PDO::FETCH_ASSOC);
if(!$att) return false;
$modx->sendForward($att['id']);

When I replace $att['id']; on line 28 with any resource id (i.e. 561, which is the Jacobson Resource ID), the page on https://www.bipc.com/bio?id=JACOBSO3 loads correctly. So I'm assuming that there is some problem with the definition line fetching the correct Resource ID for TV items ending in '3' (i.e. JACOBSO3).

Or am I losing my marbles?

1,154 Posts

nuan88 Reply #7, 6 years, 2 months ago

Good work! You'll be speaking in pure PHP in no time!

Now what you need to do is kind of go backwards, and we need to know what that value of $att is at the end of that little process, so run it and

echo "$att";

or maybe

echo $att;

and you may find the 3 has been stripped by the htmlspecialchars trimming of the content. It seems to me that term is unneeded and possibly causing the problem.

Does your company have a standard number of numbers/letters? We may use 'limit' to sort of protect against some type of problem.

You may also want to figure out whether the data in

        'template' => 16, //Attorneys
    ...
        'TV.tmplvarid' => 61,  // AttorneyEmployeeID

what it looks like, as the username list is the one that seems broken

24,544 Posts

BobRay Reply #8, 6 years, 2 months ago

Interesting problem. When I click on Richard Jacobson's picture on the People page, I get his page. Did you fix it, or do I need to do something else to see the problem?

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

1,154 Posts

nuan88 Reply #9, 6 years, 2 months ago

These requests are coming from our intranet.

The problem is the onclick link in their intranet, that's where they are using the employee usernames to lead to their bio

24,544 Posts

BobRay Reply #10, 6 years, 2 months ago

In that case, we need to see the code with the onclick call and the JS containing the function it calls. I couldn't find them above.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

Answered Redirect Errors