[英]using a base64 encoded string in url with codeigniter
I have an encrypted, base64 encoded array that I need to put into a url and insert into emails we send to clients to enable them to be identified (uniquely) - the problem is that base64_encode() often appends an = symbol or two after it's string of characters, which by default is disallowed by CI.我有一个加密的 base64 编码数组,我需要将其放入 url 并插入到我们发送给客户的电子邮件中以使其能够被识别(唯一) - 问题是 base64_encode() 经常在它之后附加一个 = 符号或两个字符串,默认情况下 CI 不允许。
Here's an example: http://example.com/cec/pay_invoice/VXpkUmJnMWxYRFZWTEZSd0RXZFRaMVZnQWowR2N3TTdEVzRDZGdCbkQycFFaZ0JpQmd4V09RRmdWbkVMYXdZbUJ6OEdZQVJ1QlNJTU9Bb3RWenNFSmxaaFVXcFZaMXQxQXpWV1BRQThVVEpUT0ZFZ0RRbGNabFV6VkNFTlpsTWxWV29DTmdackEzQU5Nd0lpQURNUGNGQS9BRFlHWTFacUFTWldOZ3M5QmpRSGJBWTlCREVGWkF4V0NtQlhiZ1IzVm1CUk9sVm5XMllEWlZaaEFHeFJZMU51VVdNTmJsdzNWVzlVT0EwZw== Here's an example: http://example.com/cec/pay_invoice/VXpkUmJnMWxYRFZWTEZSd0RXZFRaMVZnQWowR2N3TTdEVzRDZGdCbkQycFFaZ0JpQmd4V09RRmdWbkVMYXdZbUJ6OEdZQVJ1QlNJTU9Bb3RWenNFSmxaaFVXcFZaMXQxQXpWV1BRQThVVEpUT0ZFZ0RRbGNabFV6VkNFTlpsTWxWV29DTmdackEzQU5Nd0lpQURNUGNGQS9BRFlHWTFacUFTWldOZ3M5QmpRSGJBWTlCREVGWkF4V0NtQlhiZ1IzVm1CUk9sVm5XMllEWlZaaEFHeFJZMU51VVdNTmJsdzNWVzlVT0EwZw==
Now I understand I can allow the = sign in config.php, but I don't fully understand the security implications in doing so (it must have been disabled for a reason right?)现在我明白我可以允许在 config.php 中使用 = 登录,但我并不完全理解这样做的安全隐患(它一定是出于某种原因被禁用的吧?)
Does anyone know why it might be a bad idea to allow the = symbol in URLs?有谁知道为什么在 URL 中允许使用 = 符号可能是个坏主意?
Thanks.谢谢。 John.
约翰。
Not sure why =
is disallowed, but you could also leave off the equals signs.不知道为什么
=
被禁止,但你也可以省略等号。
$base_64 = base64_encode($data);
$url_param = rtrim($base_64, '=');
// and later:
$base_64 = $url_param . str_repeat('=', strlen($url_param) % 4);
$data = base64_decode($base_64);
The base64 spec only allows =
signs at the end of the string, and they are used purely as padding, there is no chance of data loss. base64 规范只允许在字符串末尾使用
=
符号,它们纯粹用作填充,不会丢失数据。
Edit: It's possible that it doesn't allow this as a compatibility option.编辑:它可能不允许将此作为兼容性选项。 There's no reason that I can think of from a security perspective, but there's a possibility that it may mess with query string parsing somewhere in the tool chain.
从安全的角度来看,我无法想到任何理由,但它有可能会在工具链中的某个位置与查询字符串解析混淆。
Please add the character "=" to $config['permitted_uri_chars'] in your config.php file you can find that file at application/config folder请在您的 config.php 文件中将字符“=”添加到 $config['permitted_uri_chars'],您可以在 application/config 文件夹中找到该文件
Originally there are no any harmful characters in the url at all.原来 url 中根本没有任何有害字符。 But there are not experienced developers or bad-written software that helps some characters to become evil.
但是没有经验丰富的开发人员或糟糕的软件可以帮助某些角色变得邪恶。
As of =
- I don't see any issues with using it in urls截至
=
- 我没有看到在网址中使用它有任何问题
Instead of updating config file you can use urlencode and urldecode function of native php.您可以使用原生 php 的 urlencode 和 urldecode function 而不是更新配置文件。
$str=base64_encode('test'); $url_to_be_send=urlencode($str); //send it via url //now on reciveing side //assuming value passed via get is stored in $encoded_str $decoded_str=base64_decode(urldecode($encoded_str));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.