here is the solution for php Passing base64 encoded strings in URL
but because of urlencode cakephp problem I cant use it (the solution in there is not good for me)
Passing an urlencoded URL as parameter to a controller / action at CakePHP
Rawurlencode does not work either. Also I cant hash it because I need it to be reversible. Or is there some "reversible" hash function. I know that the meaning of hash is for one way, but like some way to get output similar(so I can use in the url without problems) to md5/sha* but be able to reverse.
QSN: how to use base64 encoded string in url to avoid problems, mentioned in the above link.
Related
I have a querystring parameter that is an encoded string that gets converted to Base64. That parameter is then embedded in a link within an email. When I click the link in the email, the querystring parameter has had all the + characters within it replaced by space characters. There are no other differences. Is there a method I can call to sanitise the string and effectively replace the spaces with pluses again. I'm currently doing a string replace which is a bit fat hack. Something is causing the replacement but I'm not sure what. Has anyone come across anything like this before?
Example - querystring parameter value within URL of the browser:
yo3rZZbZyG4UCN+L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl+3lA7qn+lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
Value of string within controller action:
yo3rZZbZyG4UCN L3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl 3lA7qn lOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw==
You should URL encode the base64 string to the link, so it is:
yo3rZZbZyG4UCN%2BL3pcTYJXmWEggnkW1qcyJk2uBrVTtGUSKIlBcJ8e9TSx8BHjHJv0JhI8H6LbIqUl%2B3lA7qn%2BlOgpSi3rCGN4bm5moOWcCA449C1Z3zj7J1FkOXH2HMox4VUZ7x7fF65MRwuBBmw%3D%3D
HttpUtility.UrlEncode(base64str) in .NET, or encodeURIComponent(base64str) in javascript
you can use System.Web.HttpServerUtility.UrlTokenEncode (from http://brockallen.com/2014/10/17/base64url-encoding/#comments)
It is doing this because the + sign is interpreted as a marker to say that another parameter follows. This is why it is getting mangled. You should URL encode your string before you pass it to the server.
In MVC, I'm attempting to use URL routing to get the result of an action given a certain input.
Consider the following in my view:
<%=Html.ActionLink("View", "Test", new with {.id = Url.Encode(dir\file}) %>
My controller then uses HttpUtility.UrlDecode(id) to get the original. The controller itself is using File() to retrieve a file at the specified directory\file location. However, an error message pops up telling me that
A potentially dangerous Request.Path value was detected from the client (%).
The URL is showing up as
http://home/dir%255cfile.txt
I googled Url Encoding and \ is encoded as %5c. Where is the %25 coming from? It's the encoding for %, but that means Encode is being done twice. Why is that, and is that supposed to be happening?
Html.ActionLink takes care of the URL encoding for you. If you don't encode the params there, there's no need to decode it again and your issue is solved.
Basically I need to pass three paramaters to a http as get. Here are the parameters
param1 = 3
param2 = 454
param3 = http://localhost:3000/another_test?another_param=4&another_param2=978
This transforms to
http://localhost:3000/test?param1=3¶m2=454¶m3=http://localhost:3000/another_test?another_param=4&another_param2=978
I am just confused whether the URL formed is correct or not. Will this work or is there anyother way to do this. I am using Rails. I did a decode and clicked on the link and I still see the above URL coming. Will this work on the receiever side, meaning will it be decoded as I had intended.
Please advise.
It should work as long as you url encode the params. In that case the & and ? will be transformed, making it possible for Rails to differentiate between the query string parameters and the query string delimiters.
To ensure that it is encoded you can use Rack::Utils.escape or Hash#to_query.
This will be decoded as:
param1=3
param2=454
param3=http://localhost:3000/another_test?another_param=4
another_param2=978
You need to encode param3, or at minimum replace the ampersands in it with the correct URL encoding, in order for it to match back up to your input parameters.
I have a Ruby on Rails Application that is using the X virtual framebuffer along with another program to grab images from the web. I have structured my command as shown below:
xvfb-run --server-args=-screen 0 1024x768x24 /my/c++/app #{user_provided_url}
What is the best way to make this call in rails with the maximum amount of safety from user input?
You probably don't need to sanitize this input in rails. If it's a URL and it's in a string format then it already has properly escaped characters to be passed as a URL to a Net::HTTP call. That said, you could write a regular expression to check that the URL looks valid. You could also do the following to make sure that the URL is parse-able:
uri = URI.parse(user_provided_url)
You can then query the object for it's relevant parts:
uri.path
uri.host
uri.port
Maybe I'm wrong, but why don't you just make sure that the string given is really an URL (URI::parse), surround it with single quotes and escape any single quote (') character that appears inside?
Do I need to encode strings (eg URL) I pass as a POST form parameter?
Ie I want to pass a URL I have to my web application (ruby on rails) as one of the form parameters. So are there any potential characters in a URL/URI that would need to be encoded? Or perhaps rails would handle this anyway?
Do I need to encode strings (eg URL) I pass as a POST form parameter?
That depends on what you're using to create/send your POST request. If you're directly creating the request body yourself, then yes you would have to URL-encode each parameter:
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
foo=bar&url=http://www.example.com/url?innerparameter1=1&innerparameter2=2
this is no good:innerparameter2 is actually a parameter of the outer form-encoded string. It would need encoding, which would look like:
foo=bar&url=http%3A//www.example.com/url%3Finnerparameter1%3D1%26innerparameter2%3D2
If, however, you are using something higher-level to make the POST request, and passing in some kind of mapping of parameter strings, I would expect that component to take care of the URL-encoding for you.
Code?
As bobince mentions, you need to encode any data that you're passing as URL parameters. Often whatever library you're using will take care of this. This applies to all HTTP requests BTW.
For example, an API has an endpoint GET /sites/:name.
Using cURL it should look like
curl http://example.com/sites/google%2Ecom
In Ruby/Rails, you can use URI.encode and URI.decode:
>> URI.encode('google.com', /\W/)
"google%2Ecom"
>> URI.decode('google%2Ecom')
"google.com"
As a general statement, if you emit programmatic or user input data to an HTML page, you should encode it for HTML. Bear in mind that URLs often have the & character and that should be encoded, even if browsers appear to handle it okay.
I'm not a Ruby guy, so I don't know how you do that in Ruby, nor am I familiar with Ruby on Rails to say if it will do it (though I would be a little surprised by that), but the guideline I suggest isn't language specific.