php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #60846 Warn that base64_encode needs urlencode in query string parameters
Submitted: 2012-01-23 06:03 UTC Modified: 2013-02-18 00:35 UTC
From: joeyadams3 dot 14159 at gmail dot com Assigned:
Status: No Feedback Package: *URL Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2012-01-23 06:03 UTC] joeyadams3 dot 14159 at gmail dot com 
Description:
------------
One of the characters used in MIME Base64 is '+', which is a special character in URL query strings.

A common mistake is to use the result of base64_encode directly in a URL.  Example:

http://docs.joomla.org/index.php?title=How_do_you_redirect_users_after_a_successful_login%3F&oldid=36843

I even found some instances of this mistake in Joomla itself.  I noticed it while troubleshooting an issue where com_login would send the user to a useless page saying "Welcome to the registered user area of our site."

I believe the documentation for base64_encode should warn about this.  See the test script for examples.

Test script:
---------------
<?php

$return = "http://localhost/~me";

// WRONG.  This will be decoded server-side as "http://localhost/[Y"
$url = "login?return=" . base64_encode($return);

// Base64 must be URL-encoded when used in a URL, because it can contain '+'
// characters.
$url = "login?return=" . urlencode(base64_encode($return));

?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-24 17:00 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2012-01-24 17:00 UTC] rasmus@php.net 
Sounds like a good idea. Go to the base64_encode manual page and look for the 
little [edit] link and you can edit the page.
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 16:01:27 2024 UTC