Geek Answers Handbook

Using base64 encoding in url using codeigniter

I have an encrypted base64 encoded array that I need to put in the URL and paste it into the emails we send to clients so that they can be identified (uniquely). The problem is that base64_encode () often adds the = character or two after it a character string, which by default is forbidden by CI.

Here is an example: http://example.com/cec/pay_invoice/VXpkUmJnMWxYRFZWTEZSd0RXZFRaMVZnQWowR2N3TTdEVzRDZGdCbkQycFFaZ0JpQmd4V09RRmdWbkVMYXdZbUJ6OEdZQVJ1QlNJTU9Bb3RWenNFSmxaaFVXcFZaMXQxQXpWV1BRQThVVEpUT0ZFZ0RRbGNabFV6VkNFTlpsTWxWV29DTmdackEzQU5Nd0lpQURNUGNGQS9BRFlHWTFacUFTWldOZ3M5QmpRSGJBWTlCREVGWkF4V0NtQlhiZ1IzVm1CUk9sVm5XMllEWlZaaEFHeFJZMU51VVdNTmJsdzNWVzlVT0EwZw==

Now I understand that I can enable the sign sign in the config.php file, but I do not quite understand the security implications in this case (it must be disabled for some reason)?

Does anyone know why it might be a bad idea to allow the = character in URLs?

Thanks! John.

+4
source share
4 answers

Not sure why = forbidden, but you can also leave equal signs.

 $base_64 = base64_encode($data); $url_param = rtrim($base_64, '='); // and later: $base_64 = $url_param . str_repeat('=', strlen($url_param) % 4); $data = base64_decode($base_64);

The base64 specification allows only = characters at the end of a line, and they are used solely as an addition, there is no possibility of data loss.

Edit: Perhaps this does not mean that it is a compatibility option. There is no reason why I can think in terms of security, but there is a chance that it could ruin the query string, somewhere in the tool chain.

+16
source

Initially, there are no harmful characters in the URL. But there are no experienced developers or poorly written software that helps some characters become evil.

As of = - I do not see any problems using it in URLs

+2
source

Please add the symbol "=" in $ config ['allowed_uri_chars'] to your config.php file, you can find this file in the application / config folder

+1
source

Instead of updating the configuration file, you can use the urlencode and urldecode functions for native php.

 $str=base64_encode('test'); $url_to_be_send=urlencode($str); //send it via url //now on reciveing side //assuming value passed via get is stored in $encoded_str $decoded_str=base64_decode(urldecode($encoded_str));
+1
source

More articles:


All Articles