Home/ Questions/Q 7026909
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T00:10:45+00:00

My app sends out an email with a URL in it. The url contains

  • 0

My app sends out an email with a URL in it. The url contains a query string attribute that is encrypted. I CGI escaped the encrypted value so that symbols like + * . etc are escaped. The escaped URL appears in the email as expected, but when we click on the link, the encrypted values are decrypted.

For Example, the url in the email is as follows
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j&owner_id=4

email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j

when we click on this link the url in the browser appears as
http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j&owner_id=4

email=5M+jE1G6UB26tw/Ah+zr1+JSSxeAoP6j

The + is substituted with space. As a result
params[:email] = 5M jE1G6UB26tw/Ah zr1 JSSxeAoP6j

which gives me a 404.

Is there any way I can avoid this situation. How can I make the url in the browser also appear as

http://development.com/activate/snJAmJxkMo3WZ1sG27Aq?album_id=2&email=5M%2BjE1G6UB26tw/Ah%2Bzr1%2BJSSxeAoP6j&owner_id=4

in the browser?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In order to avoid this situation I Hex encoded the email attribute so that the it contains only alphabets and numbers. Used these are the methods to Hex encode and decode.

    convert string2hex:
def hexdigest_to_string(string)
 string.unpack('U'*string.length).collect {|x| x.to_s 16}.join
end

convert hex2string
def hexdigest_to_digest(hex)
 hex.unpack('a2'*(hex.size/2)).collect {|i| i.hex.chr }.join
end
    • 0