I hate apache for doing that. When I do a rewrite rule, the chars in the url are unescaped in the rule. Then the data is unescaped again.
(note: for readability, I use the "code" tag because I use spaces as "layout")
- Code: Select all
Exemple :
RewriteRule ^(.*)$ index.php?all=$1
Someone wants the url /aa1 I get $all=='aa1' and know what to do.
Someone wants the url /a%20b I get $all=='a b' and know what to do.
Someone wants the url /a%25b I get $all=='a%b' and know what to do.
Someone wants the url /a%2520b I get $all=='a b' and I'm fucked. I wanted 'a%20b'
( /a%2520b is rewrited index.php?all=a%20b and then $all='a b' )
So I found in the archives the solution for this, being :
RewriteRule ^(.*)$ index.php?all={escape:$1|$1}
For the url /a%2520b I know have ideed $all=='a%20b'
But a new case happened. The culprit is /a%26b
This means 'a&b'
Except for whatever the reason is, & in not re-escaped.
So php got a fun answer: ?all=a&b means for him $all='a' and $b=''
A clear exemple is when I print_r() $_SERVER, and try with /a%26b%20c
[REDIRECT_QUERY_STRING] => all=a&b%20c
[REDIRECT_URL] => /a&b c
[QUERY_STRING] => all=a&b%20c
[REQUEST_URI] => /a%26b%20c
It's clear that the 2 chars are not treated the same way...
Does anyone got a solution ?