httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: svn commit: r573831
Date Mon, 22 Oct 2007 21:24:39 GMT
Nick Kew wrote:
> Günther Gsenger <> wrote:
>> André Malo:
>>> This spreads another uri escaper copy around. Why can't we take 
>>> ap_escape_uri? Without deep digging: what's the difference?
>>> Also I don't like the ' ' => '+' transition, which should not be
>>> applied  
>>> forpaths. It's safer to translate that always to %20, I guess.
>> The main difference is this escaping of ' ' to '+'. The reason for
>> this is that while ' ' gets encoded as %20 in paths, it gets encoded
>> as '+' in query strings (afaik for historic reasons). Therefore,
>> languages which interpret the query string (like PHP) might get
>> confused if they receive a %20 in the query string (or at least that
>> was my concern).
> That sounds plausible, but I'm not sure.  Anyone else?

I strongly expect every CGI consumer expects to see '+' where appropriate,
and changing this will alter a vast number of CGI scripts.  Not all of them
broken, of course, but some will be.

You can't touch QUERY_ARGS escaping, as it's well defined.  If the patch
does this it needs refinement.


View raw message