Illegal use of $_GET - phpbb 3.2.x - how to use $request

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Post Reply
catwiesel
Registered User
Posts: 16
Joined: Thu Jun 27, 2013 11:14 am

Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by catwiesel » Thu Jun 21, 2018 2:48 pm

Hello,

I am currently writing a small homepage, which will use the user authentication of phpbb. This is NOT an extension and it will not use more from phpbb.
Maybe, very far down the line, I may want to generate text and save that as a draft in phpbb.

Anyway,

I try to use GET to switch between my sites (for example index.php?site=1 or ?site=2) to view different content.
This seems not to work since I use phpbb authentication and therefore have to load some stuff from phpbb.

I know that it would work if I enable super globals. I understand that I actually could do that for my website, since it is not an actual extension.
However, you guys made an effort to make security better, and why not keep that?

I did some research and found that I am supposed to use the $request.
I found examples for $_SERVER, I found lengthy discussion about people trying different permutations, but not on GET.

like: viewtopic.php?f=461&t=2310166

$path = $_SERVER['DOCUMENT_ROOT']; --> $path = $request->server('DOCUMENT_ROOT', '');

I found so much, and it helped very little.

I ask for a very simple line of code, which I will have to use to get to my $_GET

I tried: $site = $request->get('site','');

I would also be interested in a more verbose explanation on how/why the correct line of code works. But I dont require it.

Thank you in advance!
Catwiesel

User avatar
canonknipser
Registered User
Posts: 1544
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by canonknipser » Thu Jun 21, 2018 6:04 pm

catwiesel wrote:
Thu Jun 21, 2018 2:48 pm
I tried: $site = $request->get('site','');
For your case
$site = $request->variable('site', 1);
should work (the 1 will be the default when no value was given).
But you need to have the phpBB initialization code in your script (see any core script in the phpBB root folder, eg. https://github.com/phpbb/phpbb/blob/mas ... hp#L17-L27 ):

Find some other examples for variables passed to the script in the following lines: https://github.com/phpbb/phpbb/blob/mas ... hp#L28-L33

You can check the complete class in the api documentation; you may be interested in the "variable" method
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

catwiesel
Registered User
Posts: 16
Joined: Thu Jun 27, 2013 11:14 am

Re: Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by catwiesel » Thu Jun 21, 2018 7:18 pm

thank you!

I do have the initialization code loaded. otherwise I could not use the phpbb userdate. furthermore, it should not block me from using $_GET

I will test this and look at the documentation tomorrow. I now must drink beer and play a game :)

catwiesel
Registered User
Posts: 16
Joined: Thu Jun 27, 2013 11:14 am

Re: Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by catwiesel » Fri Jun 22, 2018 8:34 am

canonknipser wrote:
Thu Jun 21, 2018 6:04 pm

$site = $request->variable('site', 1);
It works.

I noticed something though.

When you set the default to an integer, the variable will always be an integer.
If you put it in quotes and therefore as a string, you also can use strings.

?site=admin wont work with ('site',1)
?site=2 will work with ('site',1)

?site=admin will work with ('site','1');


Again, thank you!

User avatar
canonknipser
Registered User
Posts: 1544
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by canonknipser » Fri Jun 22, 2018 8:56 am

catwiesel wrote:
Fri Jun 22, 2018 8:34 am
When you set the default to an integer, the variable will always be an integer.
If you put it in quotes and therefore as a string, you also can use strings.
From your example in the opening post, I assumed you wanted a parameter of integer value :oops:

I forgot to mention the coding guidelines which reference this behaviour: https://area51.phpbb.com/docs/32x/codin ... ml#general
The $request->variable() method determines the type to set from the second parameter (which determines the default value too). If you need to get a scalar variable type, you need to tell this the variable() method explicitly
and the development documentation as a general overview: https://area51.phpbb.com/docs/dev/
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB

catwiesel
Registered User
Posts: 16
Joined: Thu Jun 27, 2013 11:14 am

Re: Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by catwiesel » Fri Jun 22, 2018 11:21 am

From your example in the opening post, I assumed you wanted a parameter of integer value :oops:

I forgot to mention the coding guidelines which reference this behaviour: https://area51.phpbb.com/docs/32x/codin ... ml#general
Don't feel bad. I am very grateful to get the working line and it was only a matter of testing twice to get the string working.

Thanks for the coding guidelines, too.

Toxyy
Registered User
Posts: 456
Joined: Mon Oct 24, 2016 3:22 pm

Re: Illegal use of $_GET - phpbb 3.2.x - how to use $request

Post by Toxyy » Fri Jun 22, 2018 11:24 am

catwiesel wrote:
Fri Jun 22, 2018 8:34 am
canonknipser wrote:
Thu Jun 21, 2018 6:04 pm

$site = $request->variable('site', 1);
It works.

I noticed something though.

When you set the default to an integer, the variable will always be an integer.
If you put it in quotes and therefore as a string, you also can use strings.

?site=admin wont work with ('site',1)
?site=2 will work with ('site',1)

?site=admin will work with ('site','1');


Again, thank you!
In posting.php mode=reply/comment/quote is formatted like

Code: Select all

$mode = $request->variable('mode', '');
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Post Reply

Return to “phpBB Custom Coding”

Who is online

Users browsing this forum: No registered users and 2 guests