I have a couple of pieces of code that should grab a form from another website. The PHP in the header sanitizes the GET string in the URL.
Basically I have a page, order.html, which works if I paste the entire JavaScript function in it like so:
<?php if (isset($_GET['url'])) {
    echo file_get_contents("http://".sanitizeString($_GET['url']));
}
function sanitizeString($var) {
    $var = strip_tags($var);
    $var = htmlentities($var);
    return stripslashes($var);
} ?>
<html>
<body>
<p>html text still displays</p>
<script>
document.write("<div id='info'></div>");
nocache = "&nocache=" + Math.random() * 1000000
request = new ajaxRequest()
request.open("GET", "<?php echo basename($_SERVER['SCRIPT_FILENAME']); ?>?url=platform.leedhub.com/merchants/form.php?merchant_id=<?php echo $_GET['merchantid']; ?>&margin=<?php echo $_GET['affiliateid'] ?>&padding=<?php echo $_GET['URL'] ?>" + nocache, true);
request.onreadystatechange = function()
{
    if (this.readyState == 4)
    {
        if (this.status == 200)
        {
            if (this.responseText != null)
            {
                document.getElementById('info').innerHTML =
                    this.responseText
            }
            else alert("Ajax error: No data received")
        }
        else alert( "Ajax error: " + this.statusText)
    }
}
request.send(null)
function ajaxRequest()
{
    try
    {
        var request = new XMLHttpRequest()
    }
    catch(e1)
    {
        try
        {
            request = new ActiveXObject("Msxml2.XMLHTTP")
        }
        catch(e2)
        {
            try
            {
                request = new ActiveXObject("Microsoft.XMLHTTP")
            }
            catch(e3)
            {
                request = false
            }
        }
    }
    return request
}
</script>
</body>
</html>
However, it will not work if I take the written JavaScript and include it from an external URL.
<?php if (isset($_GET['url'])) {
    echo file_get_contents("http://".sanitizeString($_GET['url']));
}
function sanitizeString($var) {
    $var = strip_tags($var);
    $var = htmlentities($var);
    return stripslashes($var);
} ?>
<p>html text still displays</p>
<html>
<body>
<script src="urlget.js"></script>
</body>
</html>
I’m getting a 403 Forbidden Error. It’s telling me from request.send(null).
Access Forbidden
You don’t have permission to access the requested object. It is either read-protected or not readable by the server.
Do you have any idea how I can remedy this? I need the script to be an external file so I can include it on multiple websites.
I think it is a file system permission issue. You must make sure that the web server has read access to the urlget.js file. You have to find out which user the web server's worker is running as and give that user read permission for the urlget.js file.
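
Added example, not part of the original thread: the header code in the question fetches whatever host arrives in the url parameter, because strip_tags, htmlentities and stripslashes change markup characters but do not restrict the destination. The sketch below pins the upstream to the host and path from the question and accepts only numeric ids; the fetch parameter name, the helper names and the digits-only rule for the ids are assumptions.

```php
<?php
// Added example, not code from the thread: a proxy whose destination the caller cannot choose.
// Upstream host and path are the ones in the question; digits-only ids are an assumption.
const UPSTREAM = 'http://platform.leedhub.com/merchants/form.php';

/** Return a digits-only GET parameter, or null if it is missing or malformed. */
function numericParam(array $query, string $name): ?string
{
    $value = $query[$name] ?? '';
    return (is_string($value) && preg_match('/\A\d{1,10}\z/', $value) === 1) ? $value : null;
}

/** Build the upstream URL from validated ids only; no host or path comes from the request. */
function buildUpstreamUrl(array $query): ?string
{
    $merchant  = numericParam($query, 'merchantid');
    $affiliate = numericParam($query, 'affiliateid');
    if ($merchant === null || $affiliate === null) {
        return null;
    }
    // http_build_query URL-encodes the values; the names match the request in the question.
    return UPSTREAM . '?' . http_build_query([
        'merchant_id' => $merchant,
        'margin'      => $affiliate,
    ]);
}

// "fetch" is a hypothetical switch that replaces the free-form "url" parameter.
if (isset($_GET['fetch'])) {
    $url = buildUpstreamUrl($_GET);
    if ($url === null) {
        http_response_code(400);
        exit('Bad request');
    }
    // Short timeout and no redirect following, so the upstream cannot bounce the fetch elsewhere.
    $context = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $body = file_get_contents($url, false, $context);
    if ($body === false) {
        http_response_code(502);
        exit('Upstream error');
    }
    echo $body;
    exit;
}
```

With this shape the page script passes merchantid and affiliateid as plain query parameters to the proxy, so no PHP needs to be echoed into the JavaScript. The fetched form is still inserted with innerHTML, so the upstream remains trusted content.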