Thanks Paul. I thought I was the only only one to have that problem. Regards
On Mon, Jul 19, 2010 at 7:42 AM, Paul Lindner <[email protected]> wrote: > I committed a fix to trunk that should take care of this. It uses > commons-codec 1.4, which has a URL-safe version of base64. > > On Fri, May 14, 2010 at 5:10 AM, franck tankoua <[email protected]> > wrote: > > > I forgot to add that in my dirty fix I changed the line 186 to : > > *byte[] bin = Base64.decodeBase64(in.replace(' ', > '+').getBytes("UTF-8")); > > * > > Changing the line 152 is certainly not important since the browser will > > change the "+" to " " anyway.* > > > > *Before trying to do any fancy fix, I would like to know if people are > > seeing this as a bug or I am missing something.* > > > > *thanks > > > > On Fri, May 14, 2010 at 1:33 PM, franck tankoua <[email protected]> > > wrote: > > > > > Hi, > > > > > > I have caught a problem while using the secureToken in an encrypted > way. > > > > > > if you checkout the "wrap" method of the "BasicBlobCrypter.java", you > > will > > > see that it can actually output String with "+" character > > > Example: > > "rANRaw1A3BTa0vSKGdkuXHVb6PHOIvqaKJ4mrlYRTvUZCX4GydOQMjua8xWTA0X* > > > +*Ba5of7Saw1lGygGothxUvRmIYp8QqT*+* > > > > > > HEwwsaDhloCD7YwE4Pi77QiWWuOWsG9OddPV3GMdEj43x3rvEDadRHoT757Kgc30NzIoRFomFhypQ/D11" > > > > > > the problem is that when the gadget sends the request back, the "st" > > > parameter is in the url ( GET method) and browsers ( firefox, chrome ) > > skip > > > the '+' character and replace them with ' '. > > > > > > So in the example above, the string which comes back is actually > > > "rANRaw1A3BTa0vSKGdkuXHVb6PHOIvqaKJ4mrlYRTvUZCX4GydOQMjua8xWTA0X > > > Ba5of7Saw1lGygGothxUvRmIYp8QqT > > > > > > HEwwsaDhloCD7YwE4Pi77QiWWuOWsG9OddPV3GMdEj43x3rvEDadRHoT757Kgc30NzIoRFomFhypQ/D11" > > > > > > Note there is no "+" anymore. > > > > > > Just as a proof of concept, I have changed the line 152 of > > > BasicBlobCrypter to *return new String(b64, UTF8).replace('+', ' ');* > > > And it actually fixed my problem. This is a dirty fix and I would like > > to > > > know if anybody ever stumbled upon this before. > > > > > > Thanks > > > > > > -- > > > Franck > > > > > > > > > > > -- > > Franck > > > > > > -- > Paul Lindner -- [email protected] -- linkedin.com/in/plindner > -- Franck
