I implemented functions to encode and decode the information necessary to build a widget so that the encoded information could be included in a URL. See #283535: User created widgets for prior discussion. This allowed me to:
-Generate widgets from a URL without loading them from the database. Some information is checked against the database to make sure the widget is valid.
-Implement live preview without caching widgets.
-Make the URL's more secure. (See #287467: Prevention against hacking)
This method works perfectly on my local server, but on my web host's server it does not work. An example from the demo site...
This link that uses an encoded widget in URL should generate the same widget as this link: http://deviable.com/widgets/embed-widgets/1/embed/iframe/ which just loads the widget from the database.
Instead, the first link loads the front page. Neither the page callback function or the load function specified for the menu item is executed. I have cleared the cache and tried it on old and fresh installs. The menu item does exist in the database in menu_router. I am at a loss as to why it would work on one server and not the other.
If anyone can test this on their web server, please do.
If there is no solution, I will find other ways to produce secure URL's and generate a live preview of the widget.
Comments
Comment #1
alex ua commentedIt seems to me that the problem is with the length of the URL. I cut pieces off of the url and didn't get a 404 until I reached this (I'm breaking it up so that it all fits here):
http://deviable.com/widgets/embed-widgets/embed/iframe
/YTo3OntzOjM6IndpZCI7czoxOiIxIjtzOjY6InN0YXR1cyI7czoxOiIwIjtzOj
U6InRpdGxlIjtzOjEyOiJNdWx0aS1XaWRnZXQiO3M6MTE6ImRlc2NyaXB0aW9
uIjtzOjQ0OiJUaGlzIGlzIGEgd2lkZ2V0IG1hZGUgZnJvbSBtdWx0aXBsZSBzb3VyY2Vz
LiI7czo3OiJzb3VyY2VzIjthOjE6e2k6MTthOjY6e3M6NToidGl0bGUiO3M6ODoiR2xvc3
NhcnkiO3M6NDoidHlwZSI7czozMjoiMWJkYTgwZjJiZTRkMzY1OGUwYmFhNDNmYm
U3YWU4YzEiO3M6Njoid2VpZ2h0IjtzOjM6Ii0xMCI7czo0OiJ2aWV3IjtzOjMyOiJkNjNh
YWRlZmI4NGQ5NDVkM2ZhYThlYWEzNWY1MDE1ZCI7czo3OiJkaXNwbGF5IjtzOjc6
ImRlZmF1bHQiO3M6OToiYXJndW
There is probably a restriction on the server that is not allowing a url this long to get passed, since it may be seen as an attempted DDoS attack.
Comment #2
jtsnow commentedI am using base64_encode() to encode the information. Obviously, the encoded string it is too long. Using md5() would provide a short enough URL, but md5 is one-way encryption. I would need a way to decode the information passed via the URL. If anyone knows of a shorter two-way encryption method, please let me know.
Comment #3
jtsnow commentedOk, I have taken a different approach. Widgets will no longer be built completely from URL's. During live preview, widgets are cached. I think it is better this way. It made the code more simple and URL's shorter and still secure.
Comment #4
jtsnow commentedMarking this as fixed.
Comment #5
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.