decrypt random error with Laravel's built-in encryption facilities

Question

I send invitation by mail to users with a encrypted email to know which user respond to invitation. Something like:

Hello, click on this link to start learning: https://example.org/start-learning?e=fwTreaN0WybffXdDfZZUNYB3FTFfZObCb7QFF5C4AFJvTjXabIPtRfcoXLkFYMUvD4FIZsmrDdEFN2OPKcTrAOSQLZfuKdfwcic1WtBxWSXWR1GEJD6we213A3BEPBpca0BxaaQ4GGMPFeRyXp6fPrG9WnTgWogwXUcnVtdwSEEdNHGuZsClTxR2AtD2JZN8VAEsRQKpFFShEDR2SET4KxGhLGM3M0FdDelrJtO8KXS2YRaddH==

The encrypted email is the long string above. I encode mail like this in a Mailable class:

$url = 'https://example.org/start-learning?e=' . encrypt($this->to[0]['address']);

Then this $url is added in a mail template like this:

<a href="{{$url}}>click me<a>

Then, when user clicks the link, it routes to a controller and the controller decrypts the payload:

decrypt($request->input('e'));

Then, it works for about 99% of people clicking link. But for about one percent, it does not work, I have an error decrypting. And I don't know why. This is the same Laravel application which encrypts and decrypts. Is there an reason for such a weird behavior?

Side note: I know decrypt always work and has not a random behavior (BTW I tested it on 10000 entries, it's OK). There must be something else with the mail process I don't understand.

Answer 1

I think you should use urlencode() when creating link so instead of:

$url = 'https://example.org/start-learning?e=' . encrypt($this->to[0]['address']);

you should use:

$url = 'https://example.org/start-learning?e=' . urlencode(encrypt($this->to[0]['address']));

to make sure it will be valid.