1

Topic: URL Escaping when calling Webservices API Changed?

Hello,
It seems that something has changed recently with the Adobe Connect Webservices API. In the past, when I would call 'principal-update' to create or update a user, I would sanitize all my strings using urlencode() in PHP, which takes any non-alphanumeric characters (or dashes and underscores) and "percent encodes" them. For example, a "@" character in an email address becomes "%40".

This is important especially in the case that a string contains an ampersand (&) or question mark (?) since those characters are used to pass the parameters themselves in the URL string.
This has always worked fine until I noticed a few days ago it was no longer working.

If I attempt to create a user with an email address formatted with the "%40", Connect now comes back with an error message saying it wasn't formatted properly. Removing the encoding fixes the problem.
However, this is NOT best practice. And especially for passwords, which could theoretically contain ampersands and question marks, you cannot simply pass the raw string in the URL as it will create a malformed URL.

Has anyone noticed this, and does Adobe know about it? Seems like a major problem, and means I will have to prevent users from using these special characters in their passwords until this is fixed.

2

Re: URL Escaping when calling Webservices API Changed?

Which version of Connect are you using?
I am using a login API with email address as purnima@<xyz.com> and a password that has special characters, and it is working fine for me. I am on Connect 8 SP1.

3

Re: URL Escaping when calling Webservices API Changed?

What if your password was, for example: a&b;c?d;=
Are you able to log in using the API?
For me it doesn't work as the & causes troubles, and escaping it doesn't work.
I am on Connect 8.

4

Re: URL Escaping when calling Webservices API Changed?

Well, it doesn't work. And I feel that it should even work.
These are key characters that separate field-value pairs, and so ?&= should not be part of a password or any value that one types, as & will make it a new field and = will tag it as a value.

But definitely you can stop users from using these characters in passwords, and you can set this rule from Connect itself.

5

Re: URL Escaping when calling Webservices API Changed?

I will probably just prohibit use of the ampersand character in passwords. Still it seems as though the API should allow percent-encoding since it is a GET request after all. Ampersands work fine if you are using the Connect admin interface itself, just not via API calls.

Also I can't find a place inside Connect to prohibit certain characters, though I do see a place to require a specific character.
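
The encoding problem discussed in this thread, as an added example that is not part of the original posts and is not Adobe's code: it builds a login URL three ways (raw, percent-encoded once, percent-encoded twice) and shows what a query-string decoder recovers for the password quoted above. The host `connect.example.com`, the parameter names and the helper functions are assumptions made for illustration.

```php
<?php
// Added example. Host and parameter names are assumptions for illustration.
const BASE = 'https://connect.example.com/api/xml';

// Values are concatenated raw: reserved characters leak into the query syntax.
function build_raw(array $params): string
{
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = "$k=$v";
    }
    return BASE . '?' . implode('&', $pairs);
}

// Every key and value is percent-encoded exactly once (RFC 3986).
function build_encoded(array $params): string
{
    return BASE . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Minimal decoder: split on '&', split each pair on the first '=', decode once.
function parse_query(string $url): array
{
    $out = [];
    foreach (explode('&', (string) parse_url($url, PHP_URL_QUERY)) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $out[rawurldecode($k)] = rawurldecode($v);
    }
    return $out;
}

// Constructed sample input; the password is the one quoted in the thread.
$params = ['action' => 'login', 'login' => 'user@example.com', 'password' => 'a&b;c?d;='];

$cases = [
    'raw'           => build_raw($params),
    'encoded once'  => build_encoded($params),
    // Encoding a value before handing it to a builder that encodes again.
    'encoded twice' => build_encoded(array_map('rawurlencode', $params)),
];

foreach ($cases as $label => $url) {
    $seen = parse_query($url);
    printf("%-13s %s\n  password as decoded: %s\n  intact: %s\n", $label, $url,
        var_export($seen['password'] ?? null, true),
        ($seen['password'] ?? null) === $params['password'] ? 'yes' : 'no');
}
```

In the raw case the decoder sees the password `a` plus a stray parameter named `b;c?d;`, and only the encoded-once URL round-trips the password intact. In the encoded-twice case the login arrives as the literal string `user%40example.com`, so it is worth confirming on the client side that values are encoded exactly once.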