Hi again. Thanks for all the info!
        Not sure I'd agree that GET should just "assume" it was URLencoded, but 
hey - who am I to argue?  :-{)]
        As mentioned, this is eventually buried into a Joomla! site's login 
functions (displays any errors). So not sure I'd have access to the originating 
call to URLencode it before sending, if it's part of the standard Joomla! login 
function and not some of our custom code.
        However, Mike's suggestion to "pre-parse" it at our end:

$_GET['foo'] = str_replace(' ', '+', $_GET['foo']);

appears to work fine. I put the above in in just before the GET in my 
bare-bones PHP-only test, and in the actual Joomla! page just before their 
equivalent call:

echo base64_decode(JRequest::getVar('message', '', 'method', 'base64'));

        Have tested it with strings that also included a / (being the other 
non-alphanumeric character that Base64 uses), and it remains unaffected.
        So, guess I can either add the pre-parse wherever I need to, or try to 
locate the call to see if I can urlencode it (and who am I to argue why they 
didn't do that too?!)
        Thanks again.


Reply via email to