
This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Setting up 404 page for unauthorized access

January 18, 2013 3:58pm

  • #1 / Jan 18, 2013 3:58pm

    vacquah

    355 posts

    I have a photography site with a daily photos feature. Somehow, someone has figured out that typing in a dummy url will generate a single page with all the daily photos -  I suspect it is a simple way for them to browse my entire daily photo collection and download the ones they like.

    I noticed this because of the unusual url in my google analytics reports.


    My url structure is like this:

    http://www.mysite.com/stories/daily_photos/year/month/day.php

    The user is simply changing segment 3 like so:

    http://www.mysite.com/stories/daily_photos/testing.php

    This pulls up a consolidated page of all daily postings. I also just realized that simply changing segment 3 to anything at all still pulls up the page! EE implements 404 up to segment 2, then allows you to use a “require_entry” parameter from there onwards if necessary. Using “require_entry”, the entire page goes blank. I also have “enable strict urls” set to “yes” (so not working for me).

    Not sure how to enforce a rule which says if the url is non-existent, regardless of segment values, it should go to a 404 page. Ideas?

     

  • #2 / Jan 21, 2013 12:02pm

    Boyink!

    5011 posts

  • #3 / Jan 22, 2013 9:36am

    vacquah

    355 posts

    Thanks for the link to Ryan’s article - good stuff there, but it didn’t cover my scenario. My url looks like this:

    {path='stories/daily_photos'}/{entry_date format='%Y/%m/%d'}

    It ends up being rendered like this:

    'stories/daily_photos'}/year/month/day/

    The require_entry parameter doesn’t seem to be working with this url structure.


    Not sure how to set the require_entry tag with the if conditional to capture this. I am looking to get a 404 for any page that doesn’t really exist. Someone is simply typing anything after the /daily_photos/ (segment_2) to pull up the entire list of daily photos. Need to set a 404 which prevents this.

  • #4 / Jan 22, 2013 10:43am

    Boyink!

    5011 posts

    Strict urls only validates segment 1 - not the entire URL.

    Are you using the if no results conditional along with the require entry parameter?  They usually go hand in hand.

    How are you parsing that URL to get results?

  • #5 / Jan 22, 2013 11:02am

    vacquah

    355 posts

    Are you using the if no results conditional along with the require entry parameter?  They usually go hand in hand.

    Yes I am. However, the require_entry parameter renders a page with no results, with or without the if conditional. I have tried several if conditionals (with the redirect); none of them worked. I suspect it's the /year/month/date that is throwing it off.

    How are you parsing that URL to get results?

    Here is the entire code for the single entry page ( daily pictures ) - Pastebin

    I am able to link to individual stories on this template using :

    <a href="{path='stories/daily_photos'}/{entry_date format='%Y/%m/%d'}">Pictures of the Day: {entry_date format='%F %j%S, %Y'}</a>

  • #6 / Jan 22, 2013 4:39pm

    Boyink!

    5011 posts

    Hmm..

    I don’t see any logic that limits the entries returned to a single day. You aren’t linking to the template with a valid entry URL title, and there is no limit parameter, and you don’t have the dynamic="off" parameter set, so I’m not even sure how it’s working when it is.

    Huh - I searched a bit and found this thread:
    http://ellislab.com/forums/viewthread/212166/#984537

    Evidently the year/month/day linking approach works but is undocumented.

    But there are some code examples there I would recommend trying - putting the segment variables into the channel:entries tag as parameters, and setting dynamic="no". If that successfully returns results, then I think the require_entry and if_no_results will also work which will let you trigger a 404 redirect if the URL is hacked.

    The other idea - and this would only work if the template is used for the *current* day only - is to put a conditional in that compares the values in the URL segments to the current time variable and do a redirect/404 if they don’t match. That approach won’t work if the template needs to work in archival mode though.
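
One way to apply the suggestion in post #6, as an added example that is not part of the original thread: the date segments are passed to the channel:entries tag explicitly, and any URL that lacks exactly three date segments or matches no entry is sent to the 404 template. The channel name `daily_photos` and the mapping of segments 3 to 5 to year, month and day are assumptions; `require_entry` is left out because it looks for an entry ID or URL title in the URL, which this date-based scheme does not carry.

```html
{!-- Added example. Assumptions: channel short name "daily_photos";
     URL is /stories/daily_photos/YYYY/MM/DD, so segment_3..5 = year, month, day. --}

{!-- 1. Refuse anything that is not exactly three segments after /daily_photos/.
        This stops /stories/daily_photos/anything from listing every entry. --}
{if segment_3 == "" OR segment_4 == "" OR segment_5 == "" OR segment_6 != ""}
  {redirect="404"}
{/if}

{!-- 2. dynamic="no" stops the tag from guessing at the URL; the date comes
        only from the explicit year/month/day parameters. --}
{exp:channel:entries
  channel="daily_photos"
  dynamic="no"
  year="{segment_3}"
  month="{segment_4}"
  day="{segment_5}"
  limit="1"}

  {!-- 3. No entry for that date (or the segments were not a date): 404. --}
  {if no_results}
    {redirect="404"}
  {/if}

  <h1>Pictures of the Day: {entry_date format='%F %j%S, %Y'}</h1>
  {!-- photo custom fields go here --}

{/exp:channel:entries}
```

After deploying, request a known-good date, a date with no entry, and a nonsense segment such as `/stories/daily_photos/testing`, and confirm that only the first returns a page.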
