[addons validation] The use of function base64_encode() is forbidden

[bellini13]

Can you please provide an explanation as to why base64_encode function is forbidden?  What function should be used instead?

[Xavier du Tertre]

Hey,

 

It's a matter of security. We're had really bad contributions hidden behind a base64 before and we don't want this kind of encoded module to be validated automatically. 

 

What function should be used instead?

 

It depends on what you're developing.

[bellini13]

In my situation, I base64 encode a string so the string can be appended to the end of a URL.  Using URL encoding is not desirable here, since I am looking to mask the string from a standard end user, and it also drastically shortens the string value, bypassing GET length limitations.  

 

The string is then base64_decoded within the template and displayed to the end user when the page is rendered.

 

Usually Prestashop will have a Tools function that they want you to use instead, but in this case no alternative is provided.

[ExpertoPrestaShop]

Hello:

 

Did you find a solution for this issue??

 

Thanks.

 

Regards

[bellini13]

In my case, I removed the usage of base64 and took an alternatively route for displaying the message.

[ExpertoPrestaShop]

Of course, but that's now your initial question. Your initial question was why this function is forbidden, and the most important, what alternative exists?

You can change it because it was your personal development. But, what to do when you receive a base64 encoded string from a third party and you must decoded?? Is there any alternative solution that Prestashop accept??

 

Regards

[ExpertoPrestaShop]

Thanks for your advice. I'm not using it for encryption. Is a third party system requirement. I will write a note when I submit my module to Addons.

 

Regards