Nick Kew wrote:
Günther Gsenger <[EMAIL PROTECTED]> wrote:
André Malo:
This spreads another uri escaper copy around. Why can't we take
ap_escape_uri? Without deep digging: what's the difference?
Also I don't like the ' ' => '+' transition, which should not be
applied
forpaths. It's safer to translate that always to %20, I guess.
The main difference is this escaping of ' ' to '+'. The reason for
this is that while ' ' gets encoded as %20 in paths, it gets encoded
as '+' in query strings (afaik for historic reasons). Therefore,
languages which interpret the query string (like PHP) might get
confused if they receive a %20 in the query string (or at least that
was my concern).
That sounds plausible, but I'm not sure. Anyone else?
I strongly expect every CGI consumer expects to see '+' where appropriate,
and changing this will alter a vast number of CGI scripts. Not all of them
broken, of course, but some will be.
You can't touch QUERY_ARGS escaping, as it's well defined. If the patch
does this it needs refinement.
Bill
