$_GET is Mangling Base64 value
in [General]
|
From: George Langley on 11 Mar 2010 16:57 Hi all. Is there an issue with $_GET not handling a Base64-encoded value correctly? (PHP is 5.1.6) Am receiving a Base64-encoded value: theurl.com/index.php?message=xxxxx and retrieving it with $_GET: echo $_GET["message"]; xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol: ...OODq+OCou... but my $_GET is replacing the + with a space: ...OODq OCou... thus the base64_decode() is failing (displays diamonds with questions marks on my Mac). The Base64-encoded string is 156 characters long, if that has any bearing. My test URL is 230 characters in total, less than the "old" 256 limit. All I can find online is a reference that PHP will no longer assume that a space is a +: <http://ca3.php.net/manual/en/function.base64-decode.php#69298> but my problem is the opposite - the + symbols are there, but the GET is removing them. (And to add a wrinkle, this then goes into a Joomla! page, whose getVar() command completely removes the +, so I couldn't even do a string replace, as I don't know where the + should have been!) Tired of looking at the dark red spot on the wall! Thanks. George Langley Multimedia Developer Audio/Video Editor Musician, Arranger, Composer www.georgelangley.ca
From: Michael Shadle on 11 Mar 2010 17:08 On Thu, Mar 11, 2010 at 1:57 PM, George Langley <george.langley(a)shaw.ca> wrote: > xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol: > > ...OODq+OCou... > > but my $_GET is replacing the + with a space: > > ...OODq OCou... > > thus the base64_decode() is failing (displays diamonds with questions marks on my Mac). You could always pre-parse it with $_GET['foo'] = str_replace(' ', '+', $_GET['foo']); and inject them back in... I have had to do something like that in the past because of the same issue (I either needed to add or remove the + I forget)
From: Ashley Sheridan on 11 Mar 2010 17:03 On Thu, 2010-03-11 at 14:57 -0700, George Langley wrote: > Hi all. Is there an issue with $_GET not handling a Base64-encoded value correctly? (PHP is 5.1.6) > Am receiving a Base64-encoded value: > > theurl.com/index.php?message=xxxxx > > and retrieving it with $_GET: > > echo $_GET["message"]; > > xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol: > > ...OODq+OCou... > > but my $_GET is replacing the + with a space: > > ...OODq OCou... > > thus the base64_decode() is failing (displays diamonds with questions marks on my Mac). > > The Base64-encoded string is 156 characters long, if that has any bearing. My test URL is 230 characters in total, less than the "old" 256 limit. > All I can find online is a reference that PHP will no longer assume that a space is a +: > > <http://ca3.php.net/manual/en/function.base64-decode.php#69298> > > but my problem is the opposite - the + symbols are there, but the GET is removing them. > (And to add a wrinkle, this then goes into a Joomla! page, whose getVar() command completely removes the +, so I couldn't even do a string replace, as I don't know where the + should have been!) > > Tired of looking at the dark red spot on the wall! Thanks. > > > George Langley Multimedia Developer Audio/Video Editor Musician, Arranger, Composer www.georgelangley.ca > > Do a url_encode() on the string after you base64() it, and it should be safe for use as a URL Thanks, Ash http://www.ashleysheridan.co.uk
From: Adam Richardson on 11 Mar 2010 17:13 On Thu, Mar 11, 2010 at 4:57 PM, George Langley <george.langley(a)shaw.ca>wrote: > Hi all. Is there an issue with $_GET not handling a Base64-encoded > value correctly? (PHP is 5.1.6) > Am receiving a Base64-encoded value: > > theurl.com/index.php?message=xxxxx > > and retrieving it with $_GET: > > echo $_GET["message"]; > > xxxxx is a Japanese phrase, that has been encoded into Base64. So is using > the + symbol: > > ...OODq+OCou... > > but my $_GET is replacing the + with a space: > > ...OODq OCou... > > thus the base64_decode() is failing (displays diamonds with questions marks > on my Mac). > > The Base64-encoded string is 156 characters long, if that has any > bearing. My test URL is 230 characters in total, less than the "old" 256 > limit. > All I can find online is a reference that PHP will no longer assume > that a space is a +: > > <http://ca3.php.net/manual/en/function.base64-decode.php#69298> > > but my problem is the opposite - the + symbols are there, but the GET is > removing them. > (And to add a wrinkle, this then goes into a Joomla! page, whose > getVar() command completely removes the +, so I couldn't even do a string > replace, as I don't know where the + should have been!) > > Tired of looking at the dark red spot on the wall! Thanks. > > > George Langley Multimedia Developer Audio/Video Editor Musician, > Arranger, Composer www.georgelangley.ca > > > Get variables are automatically urldecoded: http://php.net/manual/en/function.urldecode.php The '+' character is one of the special characters automatically decoded (normally signifies a space.) I would try using an encoding scheme that doen't have collisions with special URL characters, use a different global array not automatically decoded (POST, SESSION), or cautiously urlencode the url's '+' chars (string replace all spaces to +) and then perform the base 64 decoding. -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
From: Daniel Egeberg on 11 Mar 2010 17:16
On Thu, Mar 11, 2010 at 22:57, George Langley <george.langley(a)shaw.ca> wrote: >     Hi all. Is there an issue with $_GET not handling a Base64-encoded value correctly? (PHP is 5.1.6) >     Am receiving a Base64-encoded value: > > theurl.com/index.php?message=xxxxx > >  and retrieving it with $_GET: > > echo $_GET["message"]; > > xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol: > > ...OODq+OCou... > > but my $_GET is replacing the + with a space: > > ...OODq OCou... > > thus the base64_decode() is failing (displays diamonds with questions marks on my Mac). > >     The Base64-encoded string is 156 characters long, if that has any bearing. My test URL is 230 characters in total, less than the "old" 256 limit. >     All I can find online is a reference that PHP will no longer assume that a space is a +: > > <http://ca3.php.net/manual/en/function.base64-decode.php#69298> > > but my problem is the opposite - the + symbols are there, but the GET is removing them. >     (And to add a wrinkle, this then goes into a Joomla! page, whose getVar() command completely removes the +, so I couldn't even do a string replace, as I don't know where the + should have been!) > >     Tired of looking at the dark red spot on the wall! Thanks. PHP does a urldecode() on GET parameters, which regards + as a space. You should be able to get the information you need using $_SERVER['QUERY_STRING']. -- Daniel Egeberg |