"MikerRoo" <webforumsuser@macromedia.com> wrote in
message
news:e5iocd$7$1@forums.macromedia.com...
> You do not want to strip + or / -- those are vital
base64 characters.
OK.
>
> Also, the sample URL
>
"test.cfm?crypt=AxcOGx89dnl9cDcHUhM+HBQGGw4DInZlQzUHFkAULRo8DxZPKzs/XlkkDQBWA2s7
> IgIBHAst
>
>
P19ZOEIlVgkvACI3FywFKi4LA2dUQwJBHT8DNxcmDnMwAgZnVTJyVH9CYCcpVkd6eAIAeyYwcVRmKRVT
>
>
XStcfQ4DBWVWDhUzMy4lFwchBXN8BQJvQjJeCD4BJF5aQVN3bXdgBSclAVoKIxxDIi4+DQMQdzIAAVYU
> O
>
>
D01EBoDHnMGd2IVLDZ3QRsAIxcsAA4rGVNFIwgHDioKOxMrKitMDR0EZDMXBl8TdiIRNywnLwptcV8wE
> DJ
>
aA3ZfdlArPA8tPkRTBRASRxI4Uh8oSSwrGB0LexgoKQoxADUBV1w1W35yBH4dUikBMA=="
> is not valid.
No, that's because I put in some hard returns; this is the
working URL.crypt
(if I copy if from the address bar):
AxcOGx89dnl9cDcHUhM+HBQGGw4DInZlQzUHFkAULRo8DxZPKzs/XlkkDQBWA2s7IgIBHAstP19ZOEIlVgkvACI3FywFKi4LA2dUQwJBHT8DNxcmDnMwAgZnVTJyVH9CYCcpVkd6eAIAeyYwcVRmKRVTXStcfQ4DBWVWDhUzMy4lFwchBXN8BQJvQjJeCD4BJF5aQVN3bXdgBSclAVoKIxxDIi4+DQMQdzIAAVYUOD01EBoDHnMGd2IVLDZ3QRsAIxcsAA4rGVNFIwgHDioKOxMrKitMDR0EZDMXBl8TdiIRNywnLwptcV8wEDJaA3ZfdlArPA8tPkRTBRASRxI4Uh8oSSwrGB0LexgoKQoxADUBV1w1W35yBH4dUikBMA==
The crypt string above is being returned to my page by Protx.
I have no
control over it; they provide functions to decode the string
into valid
fields. If I manually paste in the above string, it works. If
I use
URL.crypt, it doesn't. The problem therefore is that
something is happening,
presumably only with CFMX7, to the qs before it is passed to
the routine.
> Are you taking the Protx return value and then calling a
template with it?
> If so, you need to use URLEncodedFormat() like so:
> <b><CFSET decodeURL = "test.cfm?crypt=" &
URLEncodedFormat
> (ProtxReturnValue)></b>
That fails with an error: The parameter 1 of function
ToBinary, which is now
"AxcOGx89dnl9cDcHUhM%20HBQGGw4DInZlQzUHFkAULRo8DxZPKzs%2FXlkkDQBWA2s7IgIBHAstP19ZOEIlVgkvACI3FywFKi4LA2dUQwJBHT8DNxcmDnMwAgZnVTJyVH9CYCcpVkd6eAIAeyYwcVRmKRVTXStcfQ4DBWVWDhUzMy4lFwchBXN8BQJvQjJeCD4BJF5aQVN3bXdgBSclAVoKIxxDIi4%20DQMQdzIAAVYUOD01EBoDHnMGd2IVLDZ3QRsAIxcsAA4rGVNFIwgHDioKOxMrKitMDR0EZDMXBl8TdiIRNywnLwptcV8wEDJaA3ZfdlArPA8tPkRTBRASRxI4Uh8oSSwrGB0LexgoKQoxADUBV1w1W35yBH4dUikBMA%3D%3D"
must be a Base-64 encoded string.
> Finally, SimpleXor and base64Decode are not coldfusion
functions. You
> would
> use BitXor and BinaryDecode.
No, they are functions provided by Protx. I've tried the
native functions,
but they fail (BitXor in particular as that needs two integer
values; the
password is a string).
Here's the simpleXor function:
function simpleXor(InString, Key) {
// Initialise key array
KeyList = ArrayNew(1);
// Initialise output variable
output = "";
// Convert $Key into array of ASCII values
// ColdFusion arrays are indexed at 1, not 0. Smart!
for(i = 1; i LTE Len(Key); i=i+1){
KeyList
= Asc(Mid(Key, i, 1));
}
for(i = 0; i LTE Len(InString)-1; i=i+1){
// Get ASCII code from string, get ASCII code from key (loop
through with
MOD), XOR the two
result = (bitXor((Asc(Mid(InString, i+1, 1))), (KeyList[(i
MOD
Len(Key))+1])));
// Horrible hack to avoid problem with chr(0)
// If result is 0...
if (result eq 0){
// ...add the null character to output
output = output & urldecode("%00");
} else {
// ...add the specified character to output
output = output & Chr(result);
}
}
// Return the result
return output;
}
For completeness, here's the base64Decode function also:
function base64Decode(scrambled) {
// Initialise output variable
output = "";
// Fix plus to space conversion issue
scrambled = Replace(scrambled," ","+");
// Do decoding
output = toString(toBinary(scrambled));
// output = ToString(BinaryDecode(scrambled,"Base64"));
// Return the result
return output;
}