From: George Langley on
Hi all. Is there an issue with $_GET not handling a Base64-encoded value correctly? (PHP is 5.1.6)
Am receiving a Base64-encoded value:

theurl.com/index.php?message=xxxxx

 and retrieving it with $_GET:

echo $_GET["message"];

xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol:

...OODq+OCou...

but my $_GET is replacing the + with a space:

...OODq OCou...

thus the base64_decode() is failing (displays diamonds with questions marks on my Mac).

The Base64-encoded string is 156 characters long, if that has any bearing. My test URL is 230 characters in total, less than the "old" 256 limit.
All I can find online is a reference that PHP will no longer assume that a space is a +:

<http://ca3.php.net/manual/en/function.base64-decode.php#69298>

but my problem is the opposite - the + symbols are there, but the GET is removing them.
(And to add a wrinkle, this then goes into a Joomla! page, whose getVar() command completely removes the +, so I couldn't even do a string replace, as I don't know where the + should have been!)

Tired of looking at the dark red spot on the wall! Thanks.


George Langley    Multimedia Developer    Audio/Video Editor    Musician, Arranger, Composer www.georgelangley.ca


From: Michael Shadle on
On Thu, Mar 11, 2010 at 1:57 PM, George Langley <george.langley(a)shaw.ca> wrote:

> xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol:
>
> ...OODq+OCou...
>
> but my $_GET is replacing the + with a space:
>
> ...OODq OCou...
>
> thus the base64_decode() is failing (displays diamonds with questions marks on my Mac).

You could always pre-parse it with

$_GET['foo'] = str_replace(' ', '+', $_GET['foo']);

and inject them back in... I have had to do something like that in the
past because of the same issue (I either needed to add or remove the +
I forget)
From: Ashley Sheridan on
On Thu, 2010-03-11 at 14:57 -0700, George Langley wrote:

> Hi all. Is there an issue with $_GET not handling a Base64-encoded value correctly? (PHP is 5.1.6)
> Am receiving a Base64-encoded value:
>
> theurl.com/index.php?message=xxxxx
>
> and retrieving it with $_GET:
>
> echo $_GET["message"];
>
> xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol:
>
> ...OODq+OCou...
>
> but my $_GET is replacing the + with a space:
>
> ...OODq OCou...
>
> thus the base64_decode() is failing (displays diamonds with questions marks on my Mac).
>
> The Base64-encoded string is 156 characters long, if that has any bearing. My test URL is 230 characters in total, less than the "old" 256 limit.
> All I can find online is a reference that PHP will no longer assume that a space is a +:
>
> <http://ca3.php.net/manual/en/function.base64-decode.php#69298>
>
> but my problem is the opposite - the + symbols are there, but the GET is removing them.
> (And to add a wrinkle, this then goes into a Joomla! page, whose getVar() command completely removes the +, so I couldn't even do a string replace, as I don't know where the + should have been!)
>
> Tired of looking at the dark red spot on the wall! Thanks.
>
>
> George Langley Multimedia Developer Audio/Video Editor Musician, Arranger, Composer www.georgelangley.ca
>
>


Do a url_encode() on the string after you base64() it, and it should be
safe for use as a URL

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: Adam Richardson on
On Thu, Mar 11, 2010 at 4:57 PM, George Langley <george.langley(a)shaw.ca>wrote:

> Hi all. Is there an issue with $_GET not handling a Base64-encoded
> value correctly? (PHP is 5.1.6)
> Am receiving a Base64-encoded value:
>
> theurl.com/index.php?message=xxxxx
>
> and retrieving it with $_GET:
>
> echo $_GET["message"];
>
> xxxxx is a Japanese phrase, that has been encoded into Base64. So is using
> the + symbol:
>
> ...OODq+OCou...
>
> but my $_GET is replacing the + with a space:
>
> ...OODq OCou...
>
> thus the base64_decode() is failing (displays diamonds with questions marks
> on my Mac).
>
> The Base64-encoded string is 156 characters long, if that has any
> bearing. My test URL is 230 characters in total, less than the "old" 256
> limit.
> All I can find online is a reference that PHP will no longer assume
> that a space is a +:
>
> <http://ca3.php.net/manual/en/function.base64-decode.php#69298>
>
> but my problem is the opposite - the + symbols are there, but the GET is
> removing them.
> (And to add a wrinkle, this then goes into a Joomla! page, whose
> getVar() command completely removes the +, so I couldn't even do a string
> replace, as I don't know where the + should have been!)
>
> Tired of looking at the dark red spot on the wall! Thanks.
>
>
> George Langley Multimedia Developer Audio/Video Editor Musician,
> Arranger, Composer www.georgelangley.ca
>
>
>
Get variables are automatically urldecoded:
http://php.net/manual/en/function.urldecode.php

The '+' character is one of the special characters automatically decoded
(normally signifies a space.) I would try using an encoding scheme that
doen't have collisions with special URL characters, use a different global
array not automatically decoded (POST, SESSION), or cautiously urlencode the
url's '+' chars (string replace all spaces to +) and then perform the base
64 decoding.

--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
From: Daniel Egeberg on
On Thu, Mar 11, 2010 at 22:57, George Langley <george.langley(a)shaw.ca> wrote:
>        Hi all. Is there an issue with $_GET not handling a Base64-encoded value correctly? (PHP is 5.1.6)
>        Am receiving a Base64-encoded value:
>
> theurl.com/index.php?message=xxxxx
>
>  and retrieving it with $_GET:
>
> echo $_GET["message"];
>
> xxxxx is a Japanese phrase, that has been encoded into Base64. So is using the + symbol:
>
> ...OODq+OCou...
>
> but my $_GET is replacing the + with a space:
>
> ...OODq OCou...
>
> thus the base64_decode() is failing (displays diamonds with questions marks on my Mac).
>
>        The Base64-encoded string is 156 characters long, if that has any bearing. My test URL is 230 characters in total, less than the "old" 256 limit.
>        All I can find online is a reference that PHP will no longer assume that a space is a +:
>
> <http://ca3.php.net/manual/en/function.base64-decode.php#69298>
>
> but my problem is the opposite - the + symbols are there, but the GET is removing them.
>        (And to add a wrinkle, this then goes into a Joomla! page, whose getVar() command completely removes the +, so I couldn't even do a string replace, as I don't know where the + should have been!)
>
>        Tired of looking at the dark red spot on the wall! Thanks.

PHP does a urldecode() on GET parameters, which regards + as a space.
You should be able to get the information you need using
$_SERVER['QUERY_STRING'].

--
Daniel Egeberg