php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #60846 Warn that base64_encode needs urlencode in query string parameters
Submitted: 2012-01-23 06:03 UTC Modified: 2013-02-18 00:35 UTC
From: joeyadams3 dot 14159 at gmail dot com Assigned:
Status: No Feedback Package: *URL Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: joeyadams3 dot 14159 at gmail dot com
New email:
PHP Version: OS:

 

 [2012-01-23 06:03 UTC] joeyadams3 dot 14159 at gmail dot com
Description:
------------
One of the characters used in MIME Base64 is '+', which is a special character in URL query strings.

A common mistake is to use the result of base64_encode directly in a URL.  Example:

http://docs.joomla.org/index.php?title=How_do_you_redirect_users_after_a_successful_login%3F&oldid=36843

I even found some instances of this mistake in Joomla itself.  I noticed it while troubleshooting an issue where com_login would send the user to a useless page saying "Welcome to the registered user area of our site."

I believe the documentation for base64_encode should warn about this.  See the test script for examples.

Test script:
---------------
<?php

$return = "http://localhost/~me";

// WRONG.  This will be decoded server-side as "http://localhost/[Y"
$url = "login?return=" . base64_encode($return);

// Base64 must be URL-encoded when used in a URL, because it can contain '+'
// characters.
$url = "login?return=" . urlencode(base64_encode($return));

?>


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-24 17:00 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2012-01-24 17:00 UTC] rasmus@php.net
Sounds like a good idea. Go to the base64_encode manual page and look for the 
little [edit] link and you can edit the page.
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 11:01:30 2024 UTC