Created
September 19, 2011 01:46
RotUrl: encode/obfuscate URLs for use in other URLs
<?php
/**
 * Rot35 for URLs. To avoid increasing size during urlencode(), commonly encoded
 * chars are mapped to more rarely used chars (end of the uppercase alpha).
 *
 * @param string $url
 * @return string
 */
function rotUrl($url) {
    return strtr($url,
        './-:?=&%# ZQXJKVWPY abcdefghijklmnopqrstuvwxyz123456789ABCDEFGHILMNORSTU',
        'ZQXJKVWPY ./-:?=&%# 123456789ABCDEFGHILMNORSTUabcdefghijklmnopqrstuvwxyz');
}
If you're using urlencode() correctly it does not.
Then how about
if (! function_exists('rotUrl')) {
    function rotUrl($url) {
        return urlencode(strtr($url,
            './-:?=&%# ZQXJKVWPY abcdefghijklmnopqrstuvwxyz123456789ABCDEFGHILMNORSTU',
            'ZQXJKVWPY ./-:?=&%# 123456789ABCDEFGHILMNORSTUabcdefghijklmnopqrstuvwxyz'));
    }
}
if (! function_exists('unrotUrl')) {
    function unrotUrl($url) {
        return strtr(urldecode($url),
            './-:?=&%# ZQXJKVWPY abcdefghijklmnopqrstuvwxyz123456789ABCDEFGHILMNORSTU',
            'ZQXJKVWPY ./-:?=&%# 123456789ABCDEFGHILMNORSTUabcdefghijklmnopqrstuvwxyz');
    }
}
urlencode() belongs in your code to properly encode query values in URLs. PHP's $_GET
will then have the correct value to feed back into rotUrl().
Your app must have proper query string encoding and HTML attribute escaping of the encoded URL. Otherwise you'll have vulnerabilities, not just problems transmitting values.
We must save this conversation here as a future usage note tho.
So for safe usage
urlencode(rotUrl($url)) // to encode
rotUrl(urldecode($url)) // to decode
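As an added example (not part of the gist or of any comment in this thread), the script below sends two URLs through a link with and without urlencode() on the rotated value, then reads them back the way PHP fills $_GET, with htmlspecialchars() applied when the link is written into an HTML attribute. buildHref(), readTarget(), the /go.php path and the u and src parameters are hypothetical, and the sample URLs are constructed.

```php
<?php
// rotUrl() is the gist's function, unchanged; everything below it is added for illustration.
function rotUrl($url) {
    return strtr($url,
        './-:?=&%# ZQXJKVWPY abcdefghijklmnopqrstuvwxyz123456789ABCDEFGHILMNORSTU',
        'ZQXJKVWPY ./-:?=&%# 123456789ABCDEFGHILMNORSTUabcdefghijklmnopqrstuvwxyz');
}

// Hypothetical sender: puts the obfuscated URL in the "u" parameter of /go.php.
function buildHref($target, $encodeValue) {
    $value = rotUrl($target);
    if ($encodeValue) {
        $value = urlencode($value); // layer 1: query-value encoding
    }
    return '/go.php?u=' . $value . '&src=nav';
}

// Hypothetical receiver: parse_str() stands in for PHP populating $_GET,
// which URL-decodes each value once.
function readTarget($href) {
    parse_str((string) parse_url($href, PHP_URL_QUERY), $get);
    return rotUrl($get['u'] ?? ''); // the map is its own inverse
}

// Constructed sample targets. Both contain uppercase letters that rotUrl()
// turns into URL delimiters (W becomes "&", K "?", Y "#", Q "/").
$targets = [
    'http://example.com/WIKI/Young?Q=1',
    'https://example.com/Wiki/a b?rate=100%25',
];

foreach ($targets as $target) {
    foreach ([false, true] as $encodeValue) {
        $href = buildHref($target, $encodeValue);
        // layer 2: escape the finished URL for the HTML attribute it is written into
        $html = '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">go</a>';
        $back = readTarget($href);
        printf("urlencode=%s\n  html: %s\n  got:  %s\n  %s\n",
            $encodeValue ? 'yes' : 'no', $html, $back,
            $back === $target ? 'round trip ok' : 'MISMATCH');
    }
}
```

The mapping is a fixed substitution that anyone can reverse, so it hides a URL from casual reading only; the two encoding layers are what keep the value intact in transit.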
It breaks the url if source url contains any of ZQXJKVWPY.