Hi again. Thanks for all the info!
Not sure I'd agree that GET should just "assume" it was URLencoded, but hey - who am I to argue? :-{)]
As mentioned, this is eventually buried into a Joomla! site's login functions (displays any errors). So not sure I'd have access to the originating call to URLencode it before sending, if it's part of the standard Joomla! login function and not some of our custom code.
However, Mike's suggestion to "pre-parse" it at our end:
$_GET['foo'] = str_replace(' ', '+', $_GET['foo']);
appears to work fine. I put the above in in just before the GET in my bare-bones PHP-only test, and in the actual Joomla! page just before their equivalent call:
echo base64_decode(JRequest::getVar('message', '', 'method', 'base64'));
Have tested it with strings that also included a / (being the other non-alphanumeric character that Base64 uses), and it remains unaffected.
So, guess I can either add the pre-parse wherever I need to, or try to locate the call to see if I can urlencode it (and who am I to argue why they didn't do that too?!)
Thanks again.
George
