.htacess removed .php form issue

[PeterManoukian]

 

 

Hello, I removed  .php extension with .htaccess

RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]

RewriteRule ^ %1 [R,L]

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME}\.php -f

RewriteRule ^(.*)$ $1.php

.php is removed, but wherever I have a form where

action = somepage.php

I am forced to change it to

action = somepage

these are old websites I am fixing, luckily one has all

action =$_SERVER['PHP_SELF']

is there someway to resolve so action takes the posted values no matter if

action = somepage.php or

action somepage or

action = $_SERVER['PHP_SELF']

So Instead of

form enctype="multipart/form-data" method="post" action="actionfr.php"

I am forced to change it to:

form method="post" action="actionfr"

Same goes for

form method="post" action="<?php echo $_SERVER['PHP_SELF']?>"

 

[cyberRobot]

I have yet to use .htaccess in this capacity, so I'm only guessing here. Have you looked into redirecting the incoming links that have the .php extension? Perhaps you can use redirectMatch 302 (temporary redirect) or 301 (permanent redirect)? Here's an example that seems applicable:

http://www.lorem.biz/redirect/htaccess-new-file-extension.php

 

 

Also note that using the raw value from $_SERVER['PHP_SELF'] isn't recommended since it opens your website to XSS attacks. More information can be found here:

http://seancoates.com/blogs/xss-woes

[requinix]

Your .htaccess has effectively created a rule saying that "/foo" is the correct path to foo.php and that "/foo.php" is incorrect (as it redirects to somewhere better*). Your own website, including its links and forms, should be using the correct paths.

 

While you could actually tweak the .htaccess to allow POSTing to the incorrect location, you really shouldn't be doing that.

 

* That redirect is what's breaking your forms.

[LeJack]

When you use

<?php echo $_SERVER['PHP_SELF']; ?>

You will end up with

http://example/index.php

No matter how much you try to change the URL in the address bar, you'll always end up with the file and the file's extension.

If you want just the file without the extension, then you'll have to use

<?php echo $_SERVER['REQUEST_URI']; ?>

. When you use

<?php echo $_SERVER['REQUEST_URI']; ?>

You end up with

http://example/index

So you won't really have to change the action in your form every time. It will automatically do it for you. What it does is, it takes the file path of the URL, so if your URL is

http://example.com/I_will_only_show_you_once

It will always show the exact URL ending. It won't take http://example.com, you'll have to define that yourself. That can simply be accomplish by adding a few more stuff to it.

 

Here's your final code.

http://<?php echo $_SERVER['REMOTE_NAME']; ?><?php echo $_SERVER['REQUEST_URI']; ?>

When you use

<?php echo $_SERVER['REMOTE_NAME']; ?>

You only get the website name and not the actual http URL. If your site is http://example.com or http://facebook.com, it will always only show example.com or facebook.com. The "http://" part matters a lot. That's why you should type in "http://" yourself if you want to also include the full URL. It's the same thing as just using the REQUEST_URI method. There is also another way of submitting forms.

 

If you aren't targeting another page in the action form, you should leave it blank because it doesn't make any sense to specify the page name in the action form if you are just targeting itself.

 

Such as

<form action="test.php" method="POST">

And then that form belongs in the "test.php" file. Then why not just do this?

<form action="" method="POST">

You'll still get the same result if you leave the action blank. It'll help you in the long run since you aren't going to have the .php file extension if the URL doesn't end with .php This is basic HTML with basic PHP. Your issue doesn't have a lot to do with Apache configuration.