Doc Bug #60846 Warn that base64_encode needs urlencode in query string parameters
Submitted: 2012-01-23 06:03 UTC Modified: 2013-02-18 00:35 UTC
From: joeyadams3 dot 14159 at gmail dot com Assigned:
Status: No Feedback Package: *URL Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None

 

 [2012-01-23 06:03 UTC] joeyadams3 dot 14159 at gmail dot com
Description:
------------
One of the characters used in MIME Base64 is '+', which is a special character in URL query strings.

A common mistake is to use the result of base64_encode directly in a URL.  Example:

http://docs.joomla.org/index.php?title=How_do_you_redirect_users_after_a_successful_login%3F&oldid=36843

I even found some instances of this mistake in Joomla itself.  I noticed it while troubleshooting an issue where com_login would send the user to a useless page saying "Welcome to the registered user area of our site."

I believe the documentation for base64_encode should warn about this.  See the test script for examples.

Test script:
---------------
<?php

$return = "http://localhost/~me";

// WRONG.  This will be decoded server-side as "http://localhost/[Y"
$url = "login?return=" . base64_encode($return);

// Base64 must be URL-encoded when used in a URL, because it can contain '+'
// characters.
$url = "login?return=" . urlencode(base64_encode($return));

?>
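
Added example, not part of the original report or of the PHP manual: it pushes the report's value through the same query-string decoding PHP applies to $_GET (parse_str() stands in for that here) and compares raw Base64, urlencode()d Base64, and the URL-safe Base64 alphabet of RFC 4648 section 5, which goes beyond what the report proposes. The helper names received_return, base64url_encode and base64url_decode are hypothetical.

```php
<?php
// Added example; helper names are hypothetical, the sample value is the report's.

// Parse a query string the way PHP fills $_GET and return the "return" parameter.
function received_return(string $query): string
{
    parse_str($query, $params);   // values are URL-decoded, so a raw '+' becomes ' '
    return $params['return'];
}

// Base64url (RFC 4648, section 5): '-' and '_' replace '+' and '/', padding dropped.
function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

// Returns the decoded string, or false if the input is not valid Base64url.
function base64url_decode(string $data)
{
    // Reject anything outside the URL-safe alphabet before decoding.
    if (!preg_match('/^[A-Za-z0-9_-]*$/', $data)) {
        return false;
    }
    $b64 = strtr($data, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);   // restore padding
    return base64_decode($b64, true);
}

$return = "http://localhost/~me";     // same value as the report's test script
$b64    = base64_encode($return);     // contains a '+' (the encoding of "t/~")

// 1. Raw Base64 in the query string: the '+' is received as a space, the
//    received text no longer equals what was sent, and decoding it yields
//    the corrupted URL described in the report.
$raw = received_return("return=" . $b64);
var_dump($raw === $b64);
var_dump(base64_decode($raw));

// 2. urlencode() applied to the Base64 text: the value survives the round trip.
$enc = received_return("return=" . urlencode($b64));
var_dump(base64_decode($enc, true) === $return);

// 3. Base64url output contains no characters that are special in a query string.
$safe = received_return("return=" . base64url_encode($return));
var_dump(base64url_decode($safe) === $return);
```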


History

 [2012-01-24 17:00 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2012-01-24 17:00 UTC] rasmus@php.net
Sounds like a good idea. Go to the base64_encode manual page and look for the 
little [edit] link and you can edit the page.
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 