Corrupted parameters in URL

We include a link in some of our emails that allows customers to go directly to a specific document on our server without logging in.  The document is actually displayed by a PHP page based upon an ID number passed in the URL.   (They don't link directly to the document.)

The URL is formatted like "https:\\www.oursite.com\subfolder\phpdocumentloader.php?id=12345".  When the email arrives to the user, the URL is fine.  When they click the link, however, the web browser address bar shows "...php?id%3D12345" ("=" has been encoded) and the PHP routine which tests for $_GET['id'] is failing.  If I change the encoded character back to a text "=" in the address bar of the browser and submit it again, it works fine.  I get the same results if the link is clicked in Outlook or GMail.

This behavior just started on our test server when we added a security certificate and changed the links from "http" to "https".  Using "http" versus "https" in the URL yields the same failure.  Is the problem related to the certificate?  Is there some setting I need to change in PHP or have the host change for the MS web server?

Have tested using both IE and Firefox (newest versions).  One other note:  When I copy the URL from Outlook and then paste it into the address bar of either browser, the "=" is encoded.  Both versions have been out a while, so I'm guessing this is not new behavior.  That means that something is going on in my site.

I'm a coder, not server manager, so help is badly needed and really appreciated.

Thanks,
Bruce
springthorpeSoftwareAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bigeven2002Commented:
Hello,
So for the certificate, since it happens with http as well, I doubt anything wrong with it, likely a coincidence.  But I am trying to think what else may have changed behind the scenes.

What MIME content type is the email message sent in?  Is it plain text or HTML?  If it is HTML, can you reconfigure for plain text?  In the message headers it would be:
Content-Type: text/plain
From: webmaster@oursite.com
Reply-To: webmaster@oursite.com

Open in new window


In plain text, usually the URL is still parsed but should be in a non-encoded format so the "=" should remain as is.

The next thing would be, did anything change in your email script?  I assume it is in PHP as well.  Are you using any PHP functions to parse the URL such as htmlspecialchars or rawurlencode?

One last thing that may work is if Apache is your webserver, you can use Mod-rewrite to create a friendly URL such as
https://www.oursite.com/subfolder/phpdocumentloader/12345

Open in new window

This would be done with code like below in your .htaccess file:
Options +FollowSymlinks
RewriteEngine On
RewriteRule ^phpdocumentloader/([^/]+) /phpdocumentloader.php?id=$1

Open in new window

0
Dave BaldwinFixer of ProblemsCommented:
"...php?id%3D12345" should display 'properly' as '"...php?id=12345" in an email.  You would have to look at the source of the email to see whether it was encoded.

This little code shows how to 'decode' the %3D.  Save it as 'Encodetest.php'.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Encoding test page</title>
</head>
<body>
<h1>Encoding test page</h1>
<a href="Encodetest.php">Encodetest.php</a><br>
<a href="Encodetest.php?id=12345">Encodetest.php?id=12345</a><br>
<a href="Encodetest.php?id%3D12345">Encodetest.php?id%3D12345</a><br>
<?php 
if(isset($_SERVER['QUERY_STRING'])) $query = $_SERVER['QUERY_STRING'];
else $query = "EMPTY.";
echo $query."<br>";
echo urldecode($query)."<br>";
?>
</body>
</html>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
Does the link in the email message work or fail?
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

springthorpeSoftwareAuthor Commented:
Thanks for the responses.  To answer the questions:

Ray: The link is fine (having the text "=") when the user receives the email.

Bigeven: Email is generated by PHP using SwiftMailer.  It is HTML.  Management would flip if we went to plain text.  No changes in the PHP code.  Site runs under IIS on Windows Server 2013.

Dave: Link is not encoded when the email is received. Will play with your code this PM.

Again, thanks to you all!
Bruce
0
springthorpeSoftwareAuthor Commented:
Still don't know why it was necessary, but fixed problem by adding the following code at top of page:

if (isset($_SERVER['QUERY_STRING'])) $paramsIn  = $_SERVER['QUERY_STRING'];
else $paramsIn = '';
$paramsOut = urldecode($paramsIn);

if ($paramsOut > '' && $paramsIn != $paramsOut) {
	$lnk = $_SERVER['ORIG_PATH_INFO'] . "?" . $paramsOut;
	header("Location: " . $lnk);
}

Open in new window


Dave: Thanks for point me in the right direction.

Bruce
0
Dave BaldwinFixer of ProblemsCommented:
You're welcome.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.