Hi again. Thanks for all the info!
Not sure I'd agree that GET should just "assume" it was URLencoded, but
hey - who am I to argue? :-{)]
As mentioned, this is eventually buried into a Joomla! site's login
functions (displays any errors). So not sure I'd have access to the originating
call to URLencode it before sending, if it's part of the standard Joomla! login
function and not some of our custom code.
However, Mike's suggestion to "pre-parse" it at our end:
$_GET['foo'] = str_replace(' ', '+', $_GET['foo']);
appears to work fine. I put the above in in just before the GET in my
bare-bones PHP-only test, and in the actual Joomla! page just before their
equivalent call:
echo base64_decode(JRequest::getVar('message', '', 'method', 'base64'));
Have tested it with strings that also included a / (being the other
non-alphanumeric character that Base64 uses), and it remains unaffected.
So, guess I can either add the pre-parse wherever I need to, or try to
locate the call to see if I can urlencode it (and who am I to argue why they
didn't do that too?!)
Thanks again.
George
