A quick note on a htaccess rewrite rule I'm liking.
What does it do?
What I type: Sends this to server:
http://www.mywebsite.com/index.php?myFolder=blog&myFiles=videos
- http://www.mywebsite.com/index.php?myFolder=blog&myFiles=videos
Options -Indexes +FollowSymlinks RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !index.php RewriteCond %{REQUEST_URI} ^/([^\.]+)\/([\w]+).html [NC] RewriteRule .* index.php?myFolder=%1&myFiles=%2 [L] ErrorDocument 400 /error/?v=400 ErrorDocument 401 /error/?v=401 ErrorDocument 403 /error/?v=403 ErrorDocument 404 /error/?v=404 ErrorDocument 500 /error/?v=500
- Options -Indexes +FollowSymlinks
- RewriteEngine On
- RewriteBase /
- RewriteCond %{REQUEST_URI} !index.php
- RewriteCond %{REQUEST_URI} ^/([^\.]+)\/([\w]+).html [NC]
- RewriteRule .* index.php?myFolder=%1&myFiles=%2 [L]
- ErrorDocument 400 /error/?v=400
- ErrorDocument 401 /error/?v=401
- ErrorDocument 403 /error/?v=403
- ErrorDocument 404 /error/?v=404
- ErrorDocument 500 /error/?v=500
Additional Notes
If you do apply the above to your site, bear in mind the following is also true:
http://www.mysite.com/blog/pretty_much_anything_i_want_to_type_here.html --yields http://www.mysite.com/index.php?myFolder=blog&myFiles=pretty_much_anything_i_want_to_type_here.html
- http://www.mysite.com/blog/pretty_much_anything_i_want_to_type_here.html
- --yields
- http://www.mysite.com/index.php?myFolder=blog&myFiles=pretty_much_anything_i_want_to_type_here.html
So I sanitize on the receiving index.php file:
- Check for possible Code Injection
- Do NOT allow the use of apostrophe or double-quotes, convert these to a numerical representation only if you need to convert them back later (eg. 034, 039).
- Do NOT allow any punctuation you don't use in your site structure. Slashes and underscores /_ are good (so regexp: /[^a-zA-Z0-9_\/]/). If you allow percents (%) or apostrophes (*) then you are asking for trouble.
- Note my redirect for errors.
- Split the first string "myFolder" with the slash (/) as a delimiter, controlling the syntax/format of your site URLs.
http://www.mysite.com/blog/videos/2010/january/21.html // sends index.php?myFolder=blog/videos/2010/january&myFiles=21
- http://www.mysite.com/blog/videos/2010/january/21.html
- // sends
- index.php?myFolder=blog/videos/2010/january&myFiles=21
var $site_structure_string = $_GET['myFolder']; $site_structure_string = preg_replace('/[^a-zA-Z0-9_\\/]/', '', $site_structure_string); var $site_structure_item = $_GET['myFiles']; var $site_structure_array = explode('/', $site_structure_string); // yields $site_structure_array[0] = 'blog' $site_structure_array[1] = 'videos' $site_structure_array[2] = '2010' $site_structure_array[3] = 'january' $site_structure_item = '21'
- var $site_structure_string = $_GET['myFolder'];
- $site_structure_string = preg_replace('/[^a-zA-Z0-9_\\/]/', '', $site_structure_string);
- var $site_structure_item = $_GET['myFiles'];
- var $site_structure_array = explode('/', $site_structure_string);
- // yields
- $site_structure_array[0] = 'blog'
- $site_structure_array[1] = 'videos'
- $site_structure_array[2] = '2010'
- $site_structure_array[3] = 'january'
- $site_structure_item = '21'
Oh and the above does NOT allow: If you want this, I think the rewrite rule is:
RewriteCond %{REQUEST_URI} ^/([\w]+).html [NC]
- RewriteCond %{REQUEST_URI} ^/([\w]+).html [NC]