2.3 safe url encode #910

Closed

@dereuromark
Collaborator

Based on the search plugin, https://groups.google.com/forum/?fromgroups=#!topic/cake-php/5o1Mw-ukGmM and a few more use cases, it seems that neither base64encode nor urlencode can achieve that we can make strings url-compatible as query strings. At least not without quite some overhead.

The problem is that both methods return a string that still can contain harmful characters regarding valid URLs.
Another issue is that most devs are not aware of this. The fact that the search plugin contained this bug with the wrong encoding/decoding for years proves that a unified and well tested core solution for this issue is a possible way to go here.

So it might make sense to provide this in the String class then.

lib/Cake/Test/Case/Utility/StringTest.php
@@ -699,6 +699,37 @@ public function testExcerptCaseInsensitivity() {
}
/**
+ * test testSafeUrlEncode
+ *
+ * @return void
+ */
+ public function testSafeUrlEncode() {
+ $text = 'abc123';
+ $result = $this->Text->safeUrlEncode($text);
+ $this->assertEquals('YWJjMTIz', $result);
+
+ $text = 'some/problematic+and-not=urlsafe&string';
+ $result = $this->Text->safeUrlEncode($text);
+ die(debug($result));
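Review bot: `die(debug($result));` at the end of this hunk terminates the test run inside testSafeUrlEncode, so the second input is never asserted and nothing after it executes. Replace it with an assertEquals() on the expected encoded value before this is merged.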
@majna
majna added a note

Ups!

@markstory
Owner

Why can't you just use rawurlencode() in these situations? It seems to output a safe version from what I can see:

php > echo rawurlencode('some/problematic+and-not=urlsafe&string') . "\n";
some%2Fproblematic%2Band-not%3Durlsafe%26string

Calling methods safe is generally asking for trouble, I would think of a different name. It's also confusingly named as the result isn't URL encoded at all, but base64 encoded.

@dereuromark
Collaborator

I initially wanted to name it urlEncode() and urlDecode(),
but that would have been even worse in terms of confusion.

rawurlencode could indeed work. I wonder why the search plugin didn't use this in the first place then.

@markstory
Owner

So then this method really doesn't need to exist as the functions in PHP handle this case quite easily.

@dereuromark
Collaborator

Closing as I need to investigate further then :)
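The encoding question discussed in this thread, as an added example that is not part of the pull request or of any participant's comment: it sends one value through a simulated query string using plain base64, the mapping from the diff, rawurlencode(), and base64url as defined in RFC 4648 section 5 (a technique not proposed in the thread). The helper names and the sample input are constructed for illustration.

```php
<?php
// Added example; helper names and the sample input are constructed.
$raw = '~~~???a'; // its base64 form is fn5+Pz8/YQ== (contains '+', '/' and '=')

// Simulate one trip through a URL query string: PHP url-decodes the value,
// which also turns a literal '+' into a space.
function viaQuery($value) {
    parse_str('q=' . $value, $out);
    return $out['q'];
}

// The mapping from the pull request's diff: '+' is left untouched.
function prEncode($text) {
    return str_replace(array('/', '='), array('-', '_'), base64_encode($text));
}
function prDecode($text) {
    return base64_decode(str_replace(array('-', '_'), array('/', '='), $text));
}

// base64url as in RFC 4648 section 5: '+' -> '-', '/' -> '_', padding dropped.
function b64urlEncode($text) {
    return rtrim(strtr(base64_encode($text), '+/', '-_'), '=');
}
function b64urlDecode($text) {
    // Restore the padding, undo the substitution, then decode in strict mode.
    $padded = str_pad($text, strlen($text) + (4 - strlen($text) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

$cases = array(
    'base64_encode only'   => base64_decode(viaQuery(base64_encode($raw))),
    'PR safeUrlEncode'     => prDecode(viaQuery(prEncode($raw))),
    'rawurlencode'         => viaQuery(rawurlencode($raw)),
    'base64url (RFC 4648)' => b64urlDecode(viaQuery(b64urlEncode($raw))),
);

foreach ($cases as $name => $decoded) {
    printf("%-22s %s\n", $name, $decoded === $raw ? 'round-trips' : 'CORRUPTED');
}
```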

30 lib/Cake/Test/Case/Utility/StringTest.php
@@ -699,6 +699,36 @@ public function testExcerptCaseInsensitivity() {
}
/**
+ * test testSafeUrlEncode
+ *
+ * @return void
+ */
+ public function testSafeUrlEncode() {
+ $text = 'abc123';
+ $result = $this->Text->safeUrlEncode($text);
+ $this->assertEquals('YWJjMTIz', $result);
+
+ $text = 'some/problematic+and-not=urlsafe&string';
+ $result = $this->Text->safeUrlEncode($text);
+ $this->assertEquals('c29tZS9wcm9ibGVtYXRpYythbmQtbm90PXVybHNhZmUmc3RyaW5n', $result);
+ }
+
+/**
+ * test testSafeUrlDecode
+ *
+ * @return void
+ */
+ public function testSafeUrlDecode() {
+ $text = 'YWJjMTIz';
+ $result = $this->Text->safeUrlDecode($text);
+ $this->assertEquals('abc123', $result);
+
+ $text = 'c29tZS9wcm9ibGVtYXRpYythbmQtbm90PXVybHNhZmUmc3RyaW5n';
+ $result = $this->Text->safeUrlDecode($text);
+ $this->assertEquals('some/problematic+and-not=urlsafe&string', $result);
+ }
+
+/**
* testListGeneration method
*
* @return void
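Review bot: both expected values in testSafeUrlEncode and testSafeUrlDecode consist only of letters and digits, so the character substitution these methods exist for is never exercised. Add an input whose base64 form contains `+`, `/` and `=` padding, and assert that safeUrlDecode(safeUrlEncode($text)) returns the original $text.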
21 lib/Cake/Utility/String.php
@@ -626,6 +626,26 @@ public static function excerpt($text, $phrase, $radius = 100, $ellipsis = '...')
}
/**
+ * Creates a string that is safe to be passed via $_GET query string
+ *
+ * @param string $string Unsafe string
+ * @return string Encoded string
+ */
+ public static function safeUrlEncode($text) {
+ return str_replace(array('/', '='), array('-', '_'), base64_encode($text));
+ }
+
+/**
+ * Decodes a string that has previously been encoded with String::safeUrlEncode()
+ *
+ * @param string $string Safe string
+ * @return string Decoded string
+ */
+ public static function safeUrlDecode($text) {
+ return base64_decode(str_replace(array('-', '_'), array('/', '='), $text));
+ }
+
+/**
* Creates a comma separated list where the last two items are joined with 'and', forming natural English
*
* @param array $list The list to be joined
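Review bot: safeUrlEncode() replaces only `/` and `=`, so a `+` produced by base64_encode() passes through and is read back as a space when the value arrives via $_GET, which breaks safeUrlDecode(). Map `+` as well, for example `strtr(base64_encode($text), '+/', '-_')` with the padding trimmed, or call rawurlencode() on the original string as suggested in the discussion. The docblocks also name the parameter `$string` while both signatures use `$text`.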
@@ -641,4 +661,5 @@ public static function toList($list, $and = 'and', $separator = ', ') {
return array_pop($list);
}
+
}