Hi,

I have caught a problem while using the secureToken in an encrypted way.

If you check out the "wrap" method of "BasicBlobCrypter.java", you will
see that it can actually output a String with the "+" character.
Example: "rANRaw1A3BTa0vSKGdkuXHVb6PHOIvqaKJ4mrlYRTvUZCX4GydOQMjua8xWTA0X*+*
Ba5of7Saw1lGygGothxUvRmIYp8QqT*+*
HEwwsaDhloCD7YwE4Pi77QiWWuOWsG9OddPV3GMdEj43x3rvEDadRHoT757Kgc30NzIoRFomFhypQ/D11"

The problem is that when the gadget sends the request back, the "st"
parameter is in the URL (GET method) and browsers (Firefox, Chrome) skip
the '+' character and replace it with ' '.

So in the example above, the string which comes back is actually
"rANRaw1A3BTa0vSKGdkuXHVb6PHOIvqaKJ4mrlYRTvUZCX4GydOQMjua8xWTA0X
Ba5of7Saw1lGygGothxUvRmIYp8QqT
HEwwsaDhloCD7YwE4Pi77QiWWuOWsG9OddPV3GMdEj43x3rvEDadRHoT757Kgc30NzIoRFomFhypQ/D11"

Note there is no "+" anymore.

Just as a proof of concept, I have changed line 152 of BasicBlobCrypter
to *return new String(b64, UTF8).replace('+', ' ');*
And it actually fixed my problem. This is a dirty fix and I would like to
know if anybody has ever stumbled upon this before.

Thanks

-- 
Franck
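
Added example, not part of the original post and not Shindig code: it reproduces the "+" to space substitution with a standard form-urlencoded query parser and shows two encodings of the "st" value that survive the round trip. The function names and the token bytes are constructed for illustration.

```javascript
// Constructed sample bytes, chosen so the standard Base64 form has '+' and '/'.
const sampleToken = Buffer.from([0xfb, 0xef, 0xbe, 0x00, 0x3f, 0xfe, 0x10]);

// Read "st" the way application/x-www-form-urlencoded parsers do:
// a literal '+' in the query string is decoded as a space.
function readSt(query) {
  return new URLSearchParams(query).get("st");
}

// Case 1: standard Base64 appended to the URL unescaped. '+' is lost.
function roundTripRaw(bytes) {
  const st = bytes.toString("base64");
  return { sent: st, received: readSt("st=" + st) };
}

// Case 2: same Base64 text, percent-encoded before it goes into the URL.
function roundTripPercentEncoded(bytes) {
  const st = bytes.toString("base64");
  return { sent: st, received: readSt("st=" + encodeURIComponent(st)) };
}

// Case 3: URL-safe Base64 alphabet (RFC 4648 section 5), no padding.
function toUrlSafe(bytes) {
  return bytes.toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
function roundTripUrlSafe(bytes) {
  const st = toUrlSafe(bytes);
  return { sent: st, received: readSt("st=" + st) };
}

// Strict decode: reject anything outside the Base64 alphabets instead of
// letting a lenient decoder skip the spaces and return different bytes.
function decodeToken(st) {
  if (!/^[A-Za-z0-9+/_-]*={0,2}$/.test(st)) return null;
  return Buffer.from(st, "base64"); // Node also accepts '-' and '_' here
}

for (const f of [roundTripRaw, roundTripPercentEncoded, roundTripUrlSafe]) {
  const { sent, received } = f(sampleToken);
  const decoded = decodeToken(received);
  const ok = decoded !== null && decoded.equals(sampleToken);
  console.log(f.name, JSON.stringify(sent), "->", JSON.stringify(received), ok);
}
```

Only the first case fails the strict decode; a lenient decoder that ignores whitespace would instead return shorter, different bytes, and the token would fail later at the integrity check or decryption.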
