How to transport data from Javascript to PHP?

Question

In Javascript I have:

function authenticateAndFetch(payload) {
  const endpoint = PropertiesService.getScriptProperties().getProperty('WEBHOOK_URL');
  const hmac_key = PropertiesService.getScriptProperties().getProperty('HMAC_SHA_256_KEY');
  var send_data = JSON.stringify(payload)
  const signature = Utilities.computeDigest(Utilities.DigestAlgorithm.MD5, send_data)
    .map(function(chr){return (chr+256).toString(16).slice(-2)})
    .join(''); // Golf https://stackoverflow.com/a/49759368/300224
  const fetch_options = {
    'method': 'post',
    'payload': {'gmail_details': send_data, 'signature': signature},
    'muteHttpExceptions': true
  };
  const response = UrlFetchApp.fetch(endpoint, fetch_options);
  return response.getContentText();
}

Then in PHP I validate this with:

$detailsString = $_POST['gmail_details'];
$correctSignature = md5($detailsString);

After some logging, and a long day, I found out that Javascript and PHP will produce different md5 sums for a string including this data:

HEX: 65 20 c2 97 20 44

Is there some way to sanitize the inputs in Javascript before sending them to PHP, or is there some way to get matching strings in both environments?

William Entriken · Answer 1 · 2018-08-16T14:16:54.537

I never fixed the actual problem. And think minimizing the question will lead to a bug report on Google App Script or PHP. But here is a workaround that let's me keep moving, and it is highly inefficient:

function authenticateAndFetch(payload) {
  const endpoint = PropertiesService.getScriptProperties().getProperty('WEBHOOK_URL');
  const hmac_key = PropertiesService.getScriptProperties().getProperty('HMAC_SHA_256_KEY');
  var send_data = JSON.stringify(payload);
  send_data = Utilities.base64Encode(send_data); // https://stackoverflow.com/q/51866469/300224
  const signature = Utilities.computeDigest(Utilities.DigestAlgorithm.MD5, send_data)
    .map(function(chr){return (chr+256).toString(16).slice(-2)})
    .join(''); // Golf https://stackoverflow.com/a/49759368/300224


  const fetch_options = {
    'method': 'post',
    'payload': {'gmail_details': send_data, 'signature': signature},
    'muteHttpExceptions': true
  };
  const response = UrlFetchApp.fetch(endpoint, fetch_options);
  return response.getContentText();
}

And PHP

$detailsString = $_POST['gmail_details'];
$detailsString = base64_decode($_POST['gmail_details']);
$correctSignature = md5($detailsString);

In summary, you can't reliably transfer non-ASCII from Javascript to PHP so just base64 encode everything.

There is a web-safe base64 option as well in Apps Script - not sure if the differences are meaningful for your application however. — tehhowch, Aug 16 '18 at 16:08
Related news. If a GmailLabel has emoji in it then it will encode as ? if you Base64 encode and decode. — William Entriken, Sep 18 '18 at 16:25

How to transport data from Javascript to PHP?

1 Answers1

Linked