Corrupted parameters in URL
We include a link in some of our emails that allows customers to go directly to a specific document on our server without logging in. The document is actually displayed by a PHP page based upon an ID number passed in the URL. (They don't link directly to the document.)
The URL is formatted like "https:\\www.oursite.com\subfolder\phpdocumentloader.php?id=12345". When the email arrives to the user, the URL is fine. When they click the link, however, the web browser address bar shows "...php?id%3D12345" ("=" has been encoded) and the PHP routine which tests for $_GET['id'] is failing. If I change the encoded character back to a text "=" in the address bar of the browser and submit it again, it works fine. I get the same results if the link is clicked in Outlook or GMail.
This behavior just started on our test server when we added a security certificate and changed the links from "http" to "https". Using "http" versus "https" in the URL yields the same failure. Is the problem related to the certificate? Is there some setting I need to change in PHP or have the host change for the MS web server?
Have tested using both IE and Firefox (newest versions). One other note: When I copy the URL from Outlook and then paste it into the address bar of either browser, the "=" is encoded. Both versions have been out a while, so I'm guessing this is not new behavior. That means that something is going on in my site.
I'm a coder, not server manager, so help is badly needed and really appreciated.
Thanks,
Bruce
The URL is formatted like "https:\\www.oursite.com\subfolder\phpdocumentloader.php?id=12345". When the email arrives to the user, the URL is fine. When they click the link, however, the web browser address bar shows "...php?id%3D12345" ("=" has been encoded) and the PHP routine which tests for $_GET['id'] is failing. If I change the encoded character back to a text "=" in the address bar of the browser and submit it again, it works fine. I get the same results if the link is clicked in Outlook or GMail.
This behavior just started on our test server when we added a security certificate and changed the links from "http" to "https". Using "http" versus "https" in the URL yields the same failure. Is the problem related to the certificate? Is there some setting I need to change in PHP or have the host change for the MS web server?
Have tested using both IE and Firefox (newest versions). One other note: When I copy the URL from Outlook and then paste it into the address bar of either browser, the "=" is encoded. Both versions have been out a while, so I'm guessing this is not new behavior. That means that something is going on in my site.
I'm a coder, not server manager, so help is badly needed and really appreciated.
Thanks,
Bruce
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Does the link in the email message work or fail?
ASKER
Thanks for the responses. To answer the questions:
Ray: The link is fine (having the text "=") when the user receives the email.
Bigeven: Email is generated by PHP using SwiftMailer. It is HTML. Management would flip if we went to plain text. No changes in the PHP code. Site runs under IIS on Windows Server 2013.
Dave: Link is not encoded when the email is received. Will play with your code this PM.
Again, thanks to you all!
Bruce
Ray: The link is fine (having the text "=") when the user receives the email.
Bigeven: Email is generated by PHP using SwiftMailer. It is HTML. Management would flip if we went to plain text. No changes in the PHP code. Site runs under IIS on Windows Server 2013.
Dave: Link is not encoded when the email is received. Will play with your code this PM.
Again, thanks to you all!
Bruce
ASKER
Still don't know why it was necessary, but fixed problem by adding the following code at top of page:
Dave: Thanks for point me in the right direction.
Bruce
if (isset($_SERVER['QUERY_STRING'])) $paramsIn = $_SERVER['QUERY_STRING'];
else $paramsIn = '';
$paramsOut = urldecode($paramsIn);
if ($paramsOut > '' && $paramsIn != $paramsOut) {
$lnk = $_SERVER['ORIG_PATH_INFO'] . "?" . $paramsOut;
header("Location: " . $lnk);
}Dave: Thanks for point me in the right direction.
Bruce
You're welcome.
So for the certificate, since it happens with http as well, I doubt anything wrong with it, likely a coincidence. But I am trying to think what else may have changed behind the scenes.
What MIME content type is the email message sent in? Is it plain text or HTML? If it is HTML, can you reconfigure for plain text? In the message headers it would be:
Open in new window
In plain text, usually the URL is still parsed but should be in a non-encoded format so the "=" should remain as is.
The next thing would be, did anything change in your email script? I assume it is in PHP as well. Are you using any PHP functions to parse the URL such as htmlspecialchars or rawurlencode?
One last thing that may work is if Apache is your webserver, you can use Mod-rewrite to create a friendly URL such as
Open in new window
This would be done with code like below in your .htaccess file:Open in new window