Add urldecoding values in post form #13

Open
conf opened this Issue Jun 25, 2010 · 3 comments

Contributor

conf commented Jun 25, 2010

We need this because the browser does the encoding by itself, so the value becomes encoded twice. For example, if the identifier is an email.
Fixed in my repo:
http://github.com/conf/php-openid/commit/c3ca5c1f7d4c52c649eec93e5a6ffae2030119fd

nhorvath commented Mar 2, 2012

This actually breaks values that are base64 encoded when they contain a +: the plus is decoded to a space, which is encoded to %20 when the form is submitted. I removed the urldecode and it fixes issues with random signature and assoc_handle errors. I do not see any ill effects on email addresses or other characters that would normally be urlencoded. I think this commit should be removed.

Contributor

conf commented Mar 7, 2012

I don't remember clearly now, since it was 2 years ago :), but it seems it was an issue with the Mail.ru OpenID provider (a quite popular email service in Russia).
They required an email as the user identifier when the OpenID login is done, so if we have an email, say, conf@mail.ru, it came already urlencoded to the patched line, so it will look like conf%40mail.ru. After that, a POST form is generated with a hidden <input> value, so the browser will encode this value once again, resulting in conf%25%40mail.ru, and that was causing an error on their side. My fix did the job for me, so it's up to you to decide if it's still needed in the common repo.
Thanks for the answer, anyway.

Contributor

itsour commented Oct 23, 2012

Maybe you could try to use the function htmlspecialchars rather than encoding the value, I think.
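The trade-off discussed in the comments above, as an added example that is not part of the thread and is not php-openid code: it writes a value into a hidden field two ways (HTML-escaped only, and urldecoded first) and simulates one browser submit and one decode at the provider. The function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not php-openid code. All function names are hypothetical.

// Simulates a form submit: the browser reads the attribute value out of the
// HTML, form-urlencodes it for the POST body, and the provider decodes once.
function submit_round_trip(string $html_attr_value): string
{
    $field = htmlspecialchars_decode($html_attr_value, ENT_QUOTES);
    $wire  = urlencode($field);
    return urldecode($wire);
}

// Variant A: escape for the HTML attribute context only.
function hidden_value_html_escaped(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Variant B: urldecode the value before writing it into the form.
function hidden_value_urldecoded(string $value): string
{
    return htmlspecialchars(urldecode($value), ENT_QUOTES, 'UTF-8');
}

// Constructed sample values, one per case raised in the thread.
$samples = [
    'base64 signature'       => 'q1+Zr/8h3dE=',   // contains a literal '+'
    'email, raw'             => 'conf@mail.ru',
    'email, already encoded' => 'conf%40mail.ru',
];

foreach ($samples as $label => $value) {
    $a = submit_round_trip(hidden_value_html_escaped($value));
    $b = submit_round_trip(hidden_value_urldecoded($value));
    printf(
        "%-24s in=%-16s A=%-16s B=%-16s A_intact=%s B_intact=%s\n",
        $label, $value, $a, $b,
        var_export($a === $value, true),
        var_export($b === $value, true)
    );
}
```

Variant A delivers every input byte-for-byte, so a signature or assoc_handle containing `+` survives; variant B turns that `+` into a space and only changes the outcome for a value that reached the form already percent-encoded.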

@yfebles yfebles pushed a commit to yfebles/php-openid that referenced this issue Jun 2, 2017

@jasny David Veenstra + jasny work for #13 #14 #15: tests, cacheing, examples 09250d8