Using GET parameters or hashes in the URL fieldtype

[Nelson]

Hello everyone,

I'm using the URL fieldtype to provide an alternative url for some pages but now I need the ability to use, like the title says, GET parameters or url hashes.

It seems that is unsupported right now, so I would like to ask you good fellows if you have been in the same situation and if there's a solution to this?

Thank you very much.

[Nico Knoll]

Instead of using $_GET you should use $input->get->.

It's like:

$_GET['title']

//same as

$input->get->title

The difference is that $input->get is safe. So no mysql injections and that stuff

Edit: I think I misunderstood you're question

Edited September 28, 2012 by Nico

[apeisa]

Nico, input->get ain't safe, you need to sanitize data before using it in your selectors.

[Nelson]

I'm sorry, maybe I didn't explained myself well enough.

What I mean is, inside the backoffice I have a field of the type URL that is there if an alternative url is needed for some specific page.

And what I'm trying to do in that field, is to insert urls that may contain GET parameters or url hashes.

For example:

/somepage/?param=stuff or /somepage/#somehash

But when I tried to insert urls like those, the field says that the url inserted is invalid.

[Nico Knoll]

Oh, ok, then I guess something has to be changed in the core by ryan. Alternatively you could use a regular text field for it...

[ryan]

Nelson, try using a fully qualified URL with http:// and domain at the beginning. That will make it use a normal URL filter (which allowed GET vars and hashes). It's more restrictive on URLs where you just specify a path.

[Nelson]

Thank you Ryan. I made a workaround (hardcoded, it was just one url for a menu) for this but it's good to know for the next time I need it.

But I'm curious, why it's restricted this way? It's a security issue?

[ryan]

But I'm curious, why it's restricted this way? It's a security issue?

There's not a great reason. Basically, if it's a local URL (just as path) then it gets validated consistent with ProcessWire page path rules. If it's a full URL with schema and domain, then it gets validated by PHP's filter_var rules. So it's just a matter of what validates it. Probably what I should do is change the path validation.