PHP:url 编码问题(rawurlencode 和 rawurldecode)
我正在创建一个令牌,并将其作为页面上 URL 的一部分传递。我使用 rawurlencode() 对字符串进行编码并将其作为令牌发送,但是,我发现当我解码接收到的令牌(作为 URL 参数传递)时,我得到的字符串略有不同。
我的网址如下所示: /path/to/file.html?token=abcd123
这是我正在使用的代码片段。我是否做了任何明显错误的事情?如果做不到这一点,是否有更好的方法来创建(加密)令牌并将其传递到 url 中?
<?php
//send
$raw = "some secret string";
$token = rawurlencode($raw);
//recieve
$data = rawurldecode($token);
?>
[编辑]
我已经删除了 enc(dec)ryption 功能 - 它们不是问题的原因 - 并且是一个转移注意力的东西。我已经将问题范围缩小到 rawurlencode/decode 的工作方式不对称。
rawurlencoded 字符串在解码时会给出不同的字符串(类似的字符串,但缺少部分)。当然,作为 URLS 基础的东西不可能有错误——所以我一定做错了什么。问题是我无法发现它,到目前为止似乎没有人能够发现它...
[其他信息]
我正在使用 Symfony Web 框架 (v1.3.8) ,这可能会通过在幕后编码和解码内容来扰乱请求。我将尝试直接从 $_POST 变量获取 token 参数,看看 Symfony 是否是这一切的罪魁祸首。
I am creating a token which I am passing as part of the url on a page. I encode the string using rawurlencode() and send it as a token, however, I find that when I decode the received token (passed as a URL parameter), I get a slightly different string.
My url looks like this: /path/to/file.html?token=abcd123
Here is a snippet of the code I am using. Am I doing anything that is obviously erong?. Failing that, is there a better way to create (encrypted) tokens and pass them in the url?
<?php
//send
$raw = "some secret string";
$token = rawurlencode($raw);
//recieve
$data = rawurldecode($token);
?>
[Edit]
I have removed the enc(dec)ryption functionality - they were not the cause of the problem - and were a red herring. I have narrowed the problem down specifically to rawurlencode/decode not being symmetric in the way they are working.
A rawurlencoded string when decoded, is giving a different string (similar string, but with parts missing). Surely, there cant be a bug in something as fundamental to URLS - so I must be doing something wrong. Problem is that I can't spot it, and so far no one else seems to be able to spot it either ...
[Additional Info]
I am using the Symfony web framework (v1.3.8), which is probably messing with requests by encoding and decoding stuff behind the scenes. I am going to try to get the token parameter directly from the $_POST variable and see if Symfony is the culprit in all of this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当您从 URL 收到令牌时,您不需要对令牌进行
rawurldecode,因为 PHP 会为您处理该令牌。例如“foo.php?q=hello%20world”导致$_GET['q']具有 'hello world' 而不是 'hello%20world'因为您使用的是 ECB 模式,所以 IV 被忽略,这很幸运,因为您需要使用相同的 IV 来加密和解密。
至于可能失败的原因 - 解密的字符串将被填充到块大小,因此它可能比原始字符串长。您可以通过传递字符串长度并在解密后使用
substr来解决此问题。You shouldn't need to
rawurldecodethe token when you receive it from the URL, because PHP handles that for you. e.g. "foo.php?q=hello%20world" results in$_GET['q']having 'hello world' not 'hello%20world'Since you're using ECB mode the IV is ignored, which is fortunate since you'd need to use the same IV to encrypt and decrypt.
As to what might be failing - the decrypted string will be padded to the block size so it might be longer than the original string. You can get around this by passing along the string length and using
substrafter decryption.