Login

sneakyimp · 03-26-2021, 03:24 PM

(03-25-2021, 02:50 AM)craig Wrote: I would use the Text helper for this purpose to avoid URL issues with Base64; it uses bin2hex() on the result of random_bytes() instead of base64_encode().

Code:
echo random_string('crypto', 64);

https://codeigniter.com/user_guide/helpe...dom_string

Sadly, bin2hex takes up a lot more space -- it doubles the length of whatever you encode.

Also, I think there's a bug in site_url (or more specifically the URI class) and how it deals with your query string. Turns out CI4 will urlencode your query string whether you like it or not:

PHP Code:
// slash in query string gets encoded:
$url = '/controller/method?a=b/c'; 

This could be problematic if you have already taken steps to encode any values in the query string yourself. Like what if your query string is %25? site_url does NOT encode the % in this url. Both site_url produces the same output here even though $url1 and $url2 are quite different:

PHP Code:
$v = '%';
$url1 = '?x=' . urlencode($v);
echo site_url($url1) . '<br>';
$url2 = '?x=' . $v;
echo site_url($url2) . '<br>'; 

The + char, in particular, has problems. site_url returns the exact same url for both $url1 and $url2:

PHP Code:
$url1 = '?x=2+2';
echo site_url($url1) . '<br>';
$url2 = '?x=2 2';
echo site_url($url2) . '<br>'; 

Call me crazy, but I don't think site_url should be urldecoding your path segments or urlencoding your query strings. Furthermore, it's urlencoding behavior is unpredictable.