Duplicate query strings in url - sql

I have a site that was recently moved to a new server. It seems as though if a link on the site, or entered directly in the address bar, include a query string such as :
https://www.web.site?id=5314&type=course
It would automatically duplicate it to be:
https://www.web.site?id=5314&type=course&id=5314&type=course
Notice the duplicate url parameters?
id=5314&type=course&id=5314&type=course
I've combed through my code and I cannot determine what's causing this. Is there anywhere else I should be looking?
This is a ColdFusion site running on a Windows server.

Related

Localhost API for TD Ameritrade

I was creating an API for TD Ameritrade (my first time creating or dealing with APIs) and I needed to put in my own call back URL. I know that callback URL is where the API sends information to and i heard that I can just use my localhost API. I scoured the internet and I dont know how that would work and I was wondering if i can just use http://localhost?
Sorry if I seem like a noob because I am
In short, yes.
Follow the excellent directions at
https://www.reddit.com/r/algotrading/comments/c81vzq/td_ameritrade_api_access_2019_guide/. (Even with them, I spent excessive time on trial and error!)
Since stackoverflow has a limit of 8 links in a response, and the localhost text string looks like a link, I’m showing it with the colon replaced by a semicolon, i.e., http;//localhost to reduce the link count. Sorry.
I used the Chrome browser after first trying Brave, which did not work for, possibly because of my option selections.
Go to https://developer.tdameritrade.com/user/me/apps
Add a new app using http;//localhost (delete existing app if there is one).
Copy the resulting consumer key text string (AKA client_id or OAuth User ID).
Go to https://developer.tdameritrade.com/content/simple-auth-local-apps, follow instructions. Note: leading/trailing blanks were inserted by MSWord due to copy/paste of the auth code, which had to be manually deleted after wasting excessive time identifying the problem. The address string looks like:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost&client_id=ConsumerKeyTextString%40AMER.OAUTHAP
This returns a page stating the server refused to connect, but the address bar now contains a VeryLongStringOfCharacters in the address bar:
https;//localhost/?code= VeryLongStringOfCharacters
Copy the contents of the address bar, go to https://www.urldecoder.org/, decode the above, and extract the text after “code=”. This is your refresh_token
Go to: https://developer.tdameritrade.com/authentication/apis/post/token-0, fill out the fields with
grant_type=authorization_code
refresh_token=<<blank>>
access_type=offline
code=RefreshTokenTextString
client_id=ConsumerKeyTextString#AMER.OAUTHAP
redirect_uri=http://localhost
Press SEND.
If the resulting page starts with HTTP/1.1 200 OK, you have succeeded.
Try updating your redirect to:
redirect_uri=https://localhost
They may require https now and you need a colon instead of a semicolon. Everything looks correct. This process generally takes me more then one attempt, and 15 minutes to an hour to get my refresh token squared away every 90 days.
dont use #AMER.OAUTHAP in client_id
If you generate a new code and based on that try to get a new access token. it should work.

Empty CGI.REDIRECT_URL on ColdFusion 2016

I'm in the process of moving a site to ColdFusion 2016 on Linux/Apache, but one issue we have is the CGI.REDIRECT_URL value is empty. I checked and the following was in the /etc/apache2/mod_jk.conf file:
JkEnvVar REDIRECT_URL
It exists, but it's empty.
I couldn't find much on the web to help except this article, but its already setup like that. Vivio thought 2016 had the redirect_url in the request scope, but that's empty as well.

getting full URI + extra #segment in Apache logs

I would like to track users clicks on my website.
For that purpose, I would like to take advantage, if possible, of my Apache log system, which already tracks many things.
The idea would be, putting inside my source page "source.html" a link to "target.html" in the following way:
<a href='target_url.html' OnClick ='window.location="target_url.html#key"'>my mink which i want to track...</a>
with a well chosen key (typically, source url + link id + ...)
If the Apache log system could store the full path "target.html#key" whenever a user follows the link, it would be great, but as it is now, my Apache log system removes the last segment, and only stores the path "target.html".
Any idea on this issue ?
Many thanks by advance,
r.
URL segments are not passed to the server, their implementation is completely up to the client side (the browser). URL segment will never appear in logs, not will it back send to back-end scripts.

Can we use Request.QueryString in classic ASP if using URL masking?

I'm writing a website for a local club of ours. I've got all the site written in ASP linked to our backend SQL server and it works lovely. I want to create player profiles now. Normally I would use "(a href=playerdetails.asp?ID=1) Player 1 (/a)" then in the ASP section of the page use strsql = "SELECT * FROM Players Where ID=" & request.querystring("ID").
However, this is where my problems starts. To save money for the club, I am also hosting the site for them on my private domain. We have registered there domain and instead of paying for hosting, we're just redirecting the traffic via the domain registers URL forwarding, using masking. Therefore instead of the URL saying www.mydomain.com/club/ it says www.club.com.
Thus the original question... Can I use request.querystring with the setup we have? If not, is there a way around it as the club doesn't really have the budet for a hosted site with SQL in the backend.
Thanks in advance,
Paul.
PS <'s in the link replaced with ('s to display correctly.
A couple of things:
URL Masking uses frames to hide the actual URL. You can still use query string values in the URL, however you will not see the URL in the address bar change, because it will always be www.club.com do to the URL masking.
http://en.wikipedia.org/wiki/Domain_Masking
Second you are opening up your site to SQL injection attacks:
NEVER trust user input
NEVER use Request.QueryString or Request.Form in SQL states without filtering out bad characters and keywords.
http://en.wikipedia.org/wiki/SQL_injection

Report Builder 3.0 with SharePoint List as data source using relative URL for list

I'm using Report Builder 3.0 to create a report for use in SharePoint 2010. SQL Server 2008 R2 is the back end with Reporting Services in SharePoint Integrated Mode. One of the cool features of Report Builder 3.0 is the use of a SharePoint List as a data source, the setup for which is very straightforward--just give it the URL for the SharePoint List as the connection string and it works.
I eventually want to package this site as a Site Template including the report that lives in it, which means that the URL will need to be relative instead of absolute. So for example instead of this:
http://mainsite/subsite1/lists/mylist
... I need to specify something like this:
mylist
... so that when I package this as a Site Template and create a new site based on that template, the report will work with the new site's list instead of pointing back to the original site's list URL. I've tried "mylist", "lists/mylist", etc.--everything short of specifying subsite1/lists/mylist--but nothing has worked so far except for the full URL.
Is it possible to use a relative URL or some other method so that the connection string won't have to be manually changed in the report every time I create a new site based on this site template?
Edit: I misunderstood what needed to go in the data source's connection string. It's not the URL to the list but rather the URL to the site that goes in the connection string. The concept of the question remains valid though--need to dynamically set the connection string of a data source that points to a SharePoint list.
After brainstorming with some co-workers we figured it out. The key is to use an expression for the connection string. Using my original example the goal is to get this:
http://mainsite/subsite1/
... in the connection string but without hardcoding it--make it dynamic based on where the report lives so the report can be packaged along with the rest of the site as a site template. The expression I ended up with is:
=Replace(Globals!ReportFolder, "Reports", "")
The report lives in a library called "Reports", so Globals!ReportFolder returns:
http://mainsite/subsite1/Reports
The Replace() function then takes out the "Reports" part of the string, and the result is the connection string I wanted.
Things to look out for:
You can't test the expression while you're building the report. I had to hardcode the site URL into the connection string so the designer could populate the list of lists when creating a dataset based on that data source. Otherwise it doesn't show the available lists and you have to manually type everything. After designing the report I changed the connection string to the expression, and when deployed it worked.
When testing make sure to refresh your browser view instead of the little refresh icon in the report's task bar. Seems like the report's built-in refresh only grabs new data but uses the rdl file it already has on hand, whereas refreshing the browser forces it to get the latest copy of the rdl as well as latest data. That's probably self-explanatory, but it caused me some confusion for a few minutes when it didn't look like my design changes made any difference, so hopefully this will help others not go through the same confusion.