timint
commented
3 years ago You can't urldecode a complete url. urldecode is for parameter values. Why would you need decode?
Closed timint closed 11 months ago
timint
commented
3 years ago You can't urldecode a complete url. urldecode is for parameter values. Why would you need decode?
alexanderwiden95
commented
3 years ago $fieldsString is the arguments passed in CURLOPT_POSTFIELDS, not the complete URL
timint
commented
3 years ago My misstake, yes it's the post params only. I mean why would you urldecode them? This is a serialized string. What would you do if any of the values holds the characters [ ] = ?
Invalid: foo=abc&123 Valid: foo=abc%26123
http_build_query() is the way query parameters are done. That's why the content type is application/x-www-form-urlencoded when you post them.
alexanderwiden95
commented
3 years ago The problem is that "message" can contain signs such as "%2B" ("+"-sign) which will result in a incorrect formatted string if encoded.
In my testing the non-decoded $fieldsString results in a "311 (BAD_MAC)" since the "%2B" now isn't representing a plus sign.
You're correct in the fact that other characters such as []=?, and so on could make the call invalid.
timint
commented
3 years ago That is alarming. The original code lines neither do urlencoding. It seems like if Svea Ekonomi are not decoding the data on their end. Which requires the API user to send the query without encoding.
This should be escalated back to the API developers. Will you do it?
No need to invent the wheel 😁