> I have informed Barclays accordingly (but I expect they will still say
> it's my fault).

It isn't your fault; the URL spec is unequivocal about the fact that spaces are 
illegal, and they are totally, horribly wrong.

This is symptomatic of the laziness/incompetence I often see on the part of 
programmers at large corporations. That isn't a criticism, it's an observation. 
I spent 3 years working at J.P. Morgan on Wall Street, and I know the 
environment well.

Send them this as proof that their code is totally broken:

test.php
--------
<?php
   echo "datetime=" . $_GET["datetime"] . "\n";
   echo "cardprefix=" . $_GET["cardprefix"] . "\n";
?>

Then from a *command line*, feed test.php the query string they say they are 
sending:

curl "http://myhost/test.php?transactionstatus=Success&oid=JJXE3Q-1&total=418.75&clientid=65229&chargetype=Auth&datetime=Apr 26 2013 05:45:49&ecistatus=0&cardprefix=4"

Result:

datetime=Apr
cardprefix=

On the other hand, following standards:

curl "http://myhost/test.php?transactionstatus=Success&oid=JJXE3Q-1&total=418.75&clientid=65229&chargetype=Auth&datetime=Apr+26+2013+05:45:49&ecistatus=0&cardprefix=4";

or:

curl "http://myhost/test.php?transactionstatus=Success&oid=JJXE3Q-1&total=418.75&clientid=65229&chargetype=Auth&datetime=Apr%2026%202013%2005:45:49&ecistatus=0&cardprefix=4";

Result:

datetime=Apr 26 2013 05:45:49
cardprefix=4

In other words, the PHP query string parser dies as soon as it sees a space, 
and stops parsing. While it may be that web servers are accepting these 
malformed query strings, anyone who is using PHP (which is most of the world) 
is in big trouble if they want the datetime, ecistatus, or cardprefix fields, 
because it's broken.

This *cannot* be tested from a browser, because *browsers* convert spaces in 
the URL to %20, so test.php sees a valid URL. I really hope that isn't how they 
tested their software...

You should really get on their case about this.

Regards,

   Aparajita
   www.aparajitaworld.com

   "If you dare to fail, you are bound to succeed."
   - Sri Chinmoy   |   www.srichinmoy.org

_______________________________________________
Active4D-dev mailing list
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
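
Added example (not part of the original message or of any bank's code): a Python sketch that builds the callback query string from the fields quoted above in its raw, "+" and "%20" forms and shows what a receiver recovers from each. It assumes the receiver takes the request target as the text up to the next space in the HTTP request line; the function names are hypothetical.

```python
from urllib.parse import urlencode, quote, parse_qs

# Callback fields taken from the query string quoted in the message.
FIELDS = {
    "transactionstatus": "Success",
    "oid": "JJXE3Q-1",
    "total": "418.75",
    "clientid": "65229",
    "chargetype": "Auth",
    "datetime": "Apr 26 2013 05:45:49",
    "ecistatus": "0",
    "cardprefix": "4",
}

def raw_query(fields):
    """Join the fields with no escaping at all (the malformed form)."""
    return "&".join(f"{k}={v}" for k, v in fields.items())

# Standards-compliant forms; ':' is kept literal to match the curl examples.
PLUS_FORM = urlencode(FIELDS, safe=":")                  # space -> '+'
PCT_FORM = urlencode(FIELDS, safe=":", quote_via=quote)  # space -> '%20'

def received_params(query):
    """Model a receiver: build the request line, take the request target as
    the text up to the next space (assumed server behaviour), then parse the
    query string of that target."""
    request_line = f"GET /test.php?{query} HTTP/1.1"
    target = request_line.split(" ")[1]
    _, _, qs = target.partition("?")
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}

def has_illegal_chars(url):
    """Sender-side check: flag raw spaces and control characters in a URL."""
    return any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url)

if __name__ == "__main__":
    forms = [("raw", raw_query(FIELDS)), ("plus", PLUS_FORM), ("pct", PCT_FORM)]
    for label, query in forms:
        got = received_params(query)
        print(f"{label:4} illegal={has_illegal_chars(query)!s:5} "
              f"datetime={got.get('datetime')!r} cardprefix={got.get('cardprefix')!r}")
```

Running has_illegal_chars over every outbound callback URL before it is sent catches this class of bug even when the test client silently repairs the URL.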