Hi,

I have a question regarding post body params via gadgets.io.makeRequest.

I found PHP Shindig breaks posted params when it includes "%3D".
For example, when I try to post something like:

// url and callback are assumed to be defined elsewhere in the gadget
var params = {};
var post_data = gadgets.io.encodeValues({'message' : '1 + 1 = 2'});
params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
params[gadgets.io.RequestParameters.POST_DATA] = post_data;
gadgets.io.makeRequest(url, callback, params);

This request is supposed to proxy params as
"message=1+%2B+1+%3D+2"

But on PHP Shindig, it turns out to be nothing.
This is because PHP Shindig is trying to explode('=', value) after urldecoding.
"message=1 + 1 = 2"

Here's code in php/src/gadgets/ProxyBase.php:

$entry = urldecode($entry);
$parts = explode('=', $entry);
// Process only if its a valid value=something pair
if (count($parts) == 2) {
  $postData .= urlencode($parts[0]) . '=' . urlencode($parts[1]) . '&';
}

So I came up with the following patch:
https://issues.apache.org/jira/browse/SHINDIG-1069

My solution is to pass the post body as is since I don't know why you
have to rebuild the post body.
Maybe a security risk?

Can anyone tell me why Shindig is rebuilding the post body param?
If there's any security risk, an alternative patch should be something
that removes the urldecode part?
-  $entry = urldecode($entry);
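Review bot: Removing only the urldecode($entry) line leaves the urlencode($parts[0]) and urlencode($parts[1]) calls in the quoted ProxyBase.php block running on text that is still encoded, so "%3D" would be forwarded as "%253D". Either split first with explode('=', $entry, 2) and urldecode each part before the existing urlencode calls, or remove the urlencode calls together with the urldecode.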

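The decode-then-split behaviour described in the message, next to a split-then-decode rebuild, as an added example that is not Shindig's code or the SHINDIG-1069 patch. The function names, the split of the body on '&', and the sample bodies are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Shindig's.

// Decode first, then split on '=', following the ProxyBase.php lines quoted above.
// Assumption: entries come from splitting the raw body on '&'.
function rebuildDecodeFirst(string $body): string {
    $out = [];
    foreach (explode('&', $body) as $entry) {
        $entry = urldecode($entry);
        $parts = explode('=', $entry);
        // A value that decodes to text containing '=' yields 3+ parts and is dropped.
        if (count($parts) == 2) {
            $out[] = urlencode($parts[0]) . '=' . urlencode($parts[1]);
        }
    }
    return implode('&', $out);
}

// Split on the first raw '=' only, then decode each half before re-encoding.
// The pair is still rebuilt, so the body is normalised rather than passed as is.
function rebuildSplitFirst(string $body): string {
    $out = [];
    foreach (explode('&', $body) as $entry) {
        if ($entry === '') {
            continue; // skip empty segments such as a trailing '&'
        }
        $parts = explode('=', $entry, 2);
        if (count($parts) == 2) {
            $out[] = urlencode(urldecode($parts[0])) . '='
                   . urlencode(urldecode($parts[1]));
        }
    }
    return implode('&', $out);
}

// Constructed sample bodies; the first is the one from the message.
$samples = [
    'message=1+%2B+1+%3D+2',
    'a=1&note=x%26y%3Dz',
    'q=plain',
];

foreach ($samples as $body) {
    printf("in:           %s\n", $body);
    printf("decode-first: %s\n", rebuildDecodeFirst($body));
    printf("split-first:  %s\n\n", rebuildSplitFirst($body));
}
```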