I had a similar problem where the 'result' contained a double-dash '--'. After hours of debugging, I found that some URL filters were seeing it as a potential SQL injection and therefore preventing the request.
Thanks, Nathan. On Thu, Apr 26, 2012 at 7:41 PM, Alex Osborn <[email protected]> wrote: > Looking for input / an authoritative answer, or maybe someone has come > across this before: > > Should an URL parameter be allowed to contain an un-encoded equals 'sign'? > RFC3986 says no? http://www.ietf.org/rfc/rfc3986.txt - section 2.2 > > Frustrating debugging today, decoding a response from DPS's PxPay product. > > The responses we were receiving were decoding correctly on our local > environment, but failing on our testing server. Examining the request > closely, this appeared to be as the value of the 'result' parameter, > contained an equals? > > Example: > > > http://www.example.co.nz/order/payment-callback?result=v54VPdtC6YVlz2O6vwH7ZjHlmCvoIQPjPa9MC1rmeFHjFUAvycztFQWbWIbCzkAlBvU6Ot1Wl-5NupqfcgjdpjlYoZtRf09IIB0AxvfmkY37HdOvE2MmK3gJ4VzS1X6YhdpaJwodmZrKk_PIUgcjaJxc0MbGV1jN7aA3pZmoxkOANaMuFTQhtDs0HMzaZ6vH8DmsWw-ubuz958w7bU0WAzgp5zjtdXz_ABfyKaiwfCCWTrjQgqTLi28cy15ybhi0volnb3RsQcihYE-2DX3Q1ZftDismC6rXm8SLMYv1KJVKQQKThyJAbnppQrIBcKwtOfXMUlx9vKInSBPevT1t-iDtDCMh01n9orvN9wHkcH3uYP3MY_-B2eotDOpKgY6_0ubnw0BDq91MjcqYgsJZnZr5-1liQKtVMCs62ekdVxGmccPQw9XnnVem4fG3k8vf-aC-AAbcUzrWdexbyApa5YfLXwAXS7_6peeGa73EWcWuP7CzXvykdpUx28awYAeuIyYX5eaGRxB_o5Bj7U2hYuIPir7gRqIiAa9xy8o93Y8Taq8X5FYUM2lA==&userid=Example > > Our server was reading this not as one parameter as intended, but as two: > > result= > > > v54VPdtC6YVlz2O6vwH7ZjHlmCvoIQPjPa9MC1rmeFHjFUAvycztFQWbWIbCzkAlBvU6Ot1Wl-5NupqfcgjdpjlYoZtRf09IIB0AxvfmkY37HdOvE2MmK3gJ4VzS1X6YhdpaJwodmZrKk_PIUgcjaJxc0MbGV1jN7aA3pZmoxkOANaMuFTQhtDs0HMzaZ6vH8DmsWw-ubuz958w7bU0WAzgp5zjtdXz_ABfyKaiwfCCWTrjQgqTLi28cy15ybhi0volnb3RsQcihYE-2DX3Q1ZftDismC6rXm8SLMYv1KJVKQQKThyJAbnppQrIBcKwtOfXMUlx9vKInSBPevT1t-iDtDCMh01n9orvN9wHkcH3uYP3MY_-B2eotDOpKgY6_0ubnw0BDq91MjcqYgsJZnZr5-1liQKtVMCs62ekdVxGmccPQw9XnnVem4fG3k8vf-aC-AAbcUzrWdexbyApa5YfLXwAXS7_6peeGa73EWcWuP7CzXvykdpUx28awYAeuIyYX5eaGRxB_o5Bj7U2hYuIPir7gRqIiAa9xy8o93Y8Taq8X5FYUM2lA= > > We're breaking up the query string manually as a workaround, but is there > a server setting we can change or something I am not aware of, or should I > go bother DPS? > > > > > > > > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected] -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
