Jump to content

Error message by selector '%'

kreativmonkey

By kreativmonkey
in General Support

 Share

Recommended Posts

kreativmonkey Full Member

kreativmonkey

Posted
Posted

Hi,

scince two weeks i have start my live webpage with processwire. Now i get the following error message on the administration e-mail for error messages:

Error: Exception: Unknown Selector operator: '%' -- was your selector value properly escaped? (in ./produktiv/wire/core/Selectors.php line 281)

That error is called by the guest user and i don't know what this user do! I think this user is a bot because the error triggers day and night.

Now i would like to protect the page, that this error message never come back. But i don't know how i can start to find out what the bot calls!

The only idea that i have is the $input->urlSegment but when i type in http://www.url.example/% i get the message "Bad Request" and nothing happends on the error log!

Or this part of Code:

/***************************
* Redirect the old URLs to the new Position
* Use the oldurl field on the Post template
**************************/
$thisurl = $sanitizer->url("http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
$redirect = $pages->get("template=post, oldurl=$thisurl");
if(!$redirect instanceof NullPage){
    $session->redirect($redirect->url);
}

Can anyone help me?

Adam Kiss Hero Member

Adam Kiss

Posted
Posted

This happens when "your selector isn't properly escaped", in this case, it seems that $thisurl might be empty.

$redirect = $pages->get("template=post, oldurl=$thisurl");
// if $thisurl is empty, the selector is "template=post, oldurl=", which is wrong
// solution: add check for $thisurl

if ($thisurl){
  $redirect = $pages->get("template=post, oldurl=$thisurl");
  
  if(!$redirect instanceof NullPage){
    $session->redirect($redirect->url);
  }
}
kreativmonkey Full Member

kreativmonkey

Posted
  • Author
Posted

Hi Adam Kiss,

thank you for the replay but this didn't solve the problem. I get every day 10 or more massages from this error selector '' or selector '%'. I can't locate the problem in my code....

Wanze Hero Member

Wanze

Posted
Posted (edited)

Anything you put into a selector must be sanitized with $sanitizer->selectorValue(), you are using $sanitizer->url() which is not enough. An URL can for example contain the problematic "%" character, which is a reserved in a selector string.

Edited by Wanze
Corrections
LostKobrakai Hero Member

LostKobrakai

Posted
Posted

…, you are using $sanitizer->url() which is not correct in this context.

To soften that statement a bit: $sanitizer->url() is still needed to sanitize input to a valid url, but to use the url as part of a selector you need to also use $sanitizer->selectorValue() as well.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...