On Thu, 2010-03-11 at 17:34 -0700, George Langley wrote:
> Hi again. Thanks for all the info!
> Not sure I'd agree that GET should just "assume" it was URLencoded, but
> hey - who am I to argue? :-{)]
> As mentioned, this is eventually buried into a Joomla! site's login
> functions (displays any errors). So not sure I'd have access to the
> originating call to URLencode it before sending, if it's part of the standard
> Joomla! login function and not some of our custom code.
> However, Mike's suggestion to "pre-parse" it at our end:
>
> $_GET['foo'] = str_replace(' ', '+', $_GET['foo']);
>
> appears to work fine. I put the above in in just before the GET in my
> bare-bones PHP-only test, and in the actual Joomla! page just before their
> equivalent call:
>
> echo base64_decode(JRequest::getVar('message', '', 'method', 'base64'));
>
> Have tested it with strings that also included a / (being the other
> non-alphanumeric character that Base64 uses), and it remains unaffected.
> So, guess I can either add the pre-parse wherever I need to, or try to
> locate the call to see if I can urlencode it (and who am I to argue why they
> didn't do that too?!)
> Thanks again.
>
> George
Of course GET data would be assumed to be url encoded, it's part of the
URL, what other format could it take?! :p
Thanks,
Ash
http://www.ashleysheridan.co.uk
