homepage Welcome to WebmasterWorld Guest from 54.224.179.98
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
RewriteRule & encoded + sign unexpected results
Stump the chump trivia test for your next Apache guru get together
KenB




msg:4086578
 6:38 pm on Feb 24, 2010 (gmt 0)

Today I discovered a totally unexpected behavior when the .htaccess RewriteRule passes an encoded plus sign (%2B) to a query string. For example if you take and urlencode the URI "/foo/widget 2+.html" you get "/foo/widget+2%2B.html". Now take this URI and pass it to a querystring via the following RewriteRule:

RewriteRule ^(foo|bla|ick)/(.*)\.html$ /index.php?$1=$2 [L,QSA]

Now in index.php take and decode the variable $foo using the urldecode function:

echo urldecode($foo);

What would the result be?

.

.

.

.

If you said "widget 2+" you would be wrong. What you end up with is "widget 2 " where the plus sign ends up being another space.

In order to get the plus sign back you would need to do the following:

$foo=urldecode($_SERVER['REQUEST_URI']);
$foo=str_replace("/foo/","",str_replace(".html","",$foo));
echo $foo;


Apparently, best I can tell when the RewriteRule passes %2B to a variable it converts the %2B back into a plus sign and then urldecode() converts the plus sign into a space.

I wasted half the morning figuring that one out.

So the next time you need to stump the chump at some get together of Apache gurus ask them the above scenario and see if they get it right. Odds are they won't.

 

KenB




msg:4086595
 7:03 pm on Feb 24, 2010 (gmt 0)

Thinking more on this issue. I think what is really happening is that Apache is decoding the string as the RightRule passes it over to the query string. Thus using urldecode() becomes redundant, thus the plus sign disappears. So unless someone does what I do and bury the urldecode instruction in a larger custom function for cleaning variables they could simply use $foo straight without using urldecode.

In my case since I use a separate multi-use function to sanitize encoded such strings I have to parse the REQUEST_URI as I described at the end of my post above.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved