尝试将 url 的 preg_replace 部分用作 php 变量
我们的网站在开头有这个调用来查找页面的名称(例如product.html,product = name)并向其添加“-tabs”以生成变量$block_name:
<? $current_url = $_SERVER['REQUEST_URI']; // this will return everything after the http://www.domain.xx including preceding "/"
$block_name = preg_replace ("/^(?:.*)\/(.*).html$/", "$1-tabs" , $current_url); ?>
然后该变量用于稍后调用静态块这个:
<?php echo $this->getLayout()->createBlock('cms/block')->setBlockId($block_name)->toHtml() ?>
如果有人访问 http://example.com/product.html ,它就可以正常工作,但是如果我使用任何 URL 跟踪,例如 Analytics,并且 URL 末尾有以下内容:
http://example.com/product.html?utm_source=newsletter&utm_campaign=product_launch&utm_medium=email
然后变量未正确创建,静态块未加载。
有没有办法忽略 .html 之后的任何内容,以便任何跟踪附加都不会影响静态块加载?
谢谢!
Our site has this call at the beginning to find the page's name (e.g. product.html, product = name) and adds '-tabs' to it to produce the variable $block_name:
<? $current_url = $_SERVER['REQUEST_URI']; // this will return everything after the http://www.domain.xx including preceding "/"
$block_name = preg_replace ("/^(?:.*)\/(.*).html$/", "$1-tabs" , $current_url); ?>
The variable is then used to call a static block later with this:
<?php echo $this->getLayout()->createBlock('cms/block')->setBlockId($block_name)->toHtml() ?>
It works fine if someone goes to http://example.com/product.html, but if I use any url tracking, like Analytics, and the url has this at the end:
http://example.com/product.html?utm_source=newsletter&utm_campaign=product_launch&utm_medium=email
Then the variable isn't created properly and the static block doesn't load.
Is there a way to ignore anything after the .html so that any tracking appending doesn't impact the static block loading?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
preg_replace("/^(?:.*)\/(.*).html\??.*$/", "$1-tabs" , $current_url)preg_replace("/^(?:.*)\/(.*).html\??.*$/", "$1-tabs" , $current_url)我建议首先在该位置上使用 parse_url ,这将剥离获取变量。从那里,您可以按照当前的方式操纵它。
I would recommend using parse_url on the location first, which will strip off the get variables. From there, you can manipulate it as you currently are.
由于您使用的是 Magento 并且似乎是在模板内编写代码,因此您可以执行以下操作:
产品页面上的多个模板已经为您定义了
$_product,这使得它变得更加容易。当以非 SEO 方式请求页面(例如“http://www.example.com/catalog/product/view/id/123/”)或 URL 中包含类别名称时,此方法有效。
$_SERVER无法处理这些情况。使用 $_SERVER 中未经验证的值允许攻击者将值插入到您的代码中,这绝对是不好的。Since you're using Magento and appear to be writing code inside a template you can do this:
Several templates on the product page already define
$_productfor you which makes it even easier.This way works when a page is requested the non-SEO way, such as "http://www.example.com/catalog/product/view/id/123/", or when a category name is in the URL.
$_SERVERcould not handle these cases. Using an un-validated value from $_SERVER allows an attacker to insert values into your code which is definitely bad.