decodes some special chars in a URL query #12223
Conversation
dawehner
commented
Oct 13, 2014
dawehner
commented
| Q | A |
|---|---|
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | yes |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #12200 |
| License | MIT |
| Doc PR |
There was a problem hiding this comment.
Unencoding the = is not safe. There is a difference between ?foo%3Dbar=baz and ?foo=bar=baz!
There was a problem hiding this comment.
One means array('foo=bar' => 'baz') and the other array('foo' => 'bar=baz')
dawehner
force-pushed
the
query-encoding
branch
from
c6c528c to
c0e6436
Compare
|
You are absolute right, let's imit it to the two special cases described in the RFC |
|
@Tobion Is it good now? |
There was a problem hiding this comment.
I don't agree that decoding ? makes things better. For example: /path/sub?foo?bar it gets very hard to see where the query part starts. I think other chars are more worth to keep decoded like @, e.g. when you pass an email like [email protected]. So I think its ok to use $this->decodedChars BUT without = and & (in case somebody added it in a subclass). Just unset them in a local variable.
There was a problem hiding this comment.
Also the documentation of $this->decodedChars should be updated then to mention its also used for query decoding.
There was a problem hiding this comment.
Damn + is probably risky as well. Since it is the encoded form of space when using forms.
So ?foo=bar+baz will result in _GET["foo"] = 'bar baz' which is bad.
So I guess we should just decode the / for now.
|
Okay, let's just do the "/" for now. |
dawehner
force-pushed
the
query-encoding
branch
from
c0e6436 to
cd2c2e3
Compare
|
Thank you @dawehner. |
This PR was merged into the 2.6-dev branch. Discussion ---------- decodes some special chars in a URL query | Q | A | ------------- | --- | Bug fix? | yes|no (not sure :) ) | New feature? | no | BC breaks? | yes|no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #12200 | License | MIT | Doc PR | Commits ------- cd2c2e3 decodes some special chars in a URL query
3 participants
