douchi2022 2014-08-27 16:33
浏览 42
已采纳

如何在CakePHP 3中通过URL发送加密哈希?

I'm working on a reset password function that matches hashes to allow for the user to reset. The only trouble is the hash that was created cannot be passed over URL without breaking the page. For example, my hash is this:

http://localhost/users/changeResetPassword/e0b4ab1d2cdc5742c7b5f72ef6c2935dadfe458dc275b7419d9f1ac66461aa20%0F5%3A%C6%5C%26%2A%E4%D5%ACA%94%ADV%BF%EB%CAz%97O%1F%7D%F0h~%E3-.%FF%B4z%5E%1AQ%B8%8Ca%BC500%2A%EC%7B%FA%AF8%E3%2A%7F%BA%A4y%03%AE%29%94%09%26%9E%29e%E5%DEn%1At%C1%EC%F7%D4x%EAvlA%BE%5B%0D%CF

All of these % seem to break the page, because I get this error:

Object not found!

The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.

If I take away everything up to the last % and try it again, the page loads fine. It's just some characters in the URL seem to bug everything out:

http://localhost/users/changeResetPassword/e0b4ab1d2cdc5742c7b5f72ef6c2935dadfe458dc275b7419d9f1ac66461aa20

This loads fine, so I know it's just a URL problem. Any ideas?

  • 写回答

1条回答 默认 最新

  • dongyinzheng6572 2014-08-27 16:50
    关注

    Base64 encode the hash and pass it along, then decode when received. Cake URI parsing likely breaks because it'll try to interpret those %xx as html encoded values but it does not appear that is what they are since you have stuff like %03 and from the link: "The ASCII device control characters %00-%1f were originally designed to control hardware devices. Control characters have nothing to do inside a URL"

    With regards to ndm's comment indicating you may additionally need to URL encode the base64 string since base64 can contain the characters + = / I'd recommend you also look at url encoded forward slash is breaking url to see why simply encoding the problematic characters might also be problematic. If the current solution of passing unencoded base64 strings is not causing any issues with your rewrite rules I would recommend you keep it as it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题