On Tue, 23 Oct 2007 00:22:56 +0200
André Malo <[EMAIL PROTECTED]> wrote:

> 
> > > The main difference is this escaping of ' ' to '+'. The reason for
> > > this is that while ' ' gets encoded as %20 in paths, it gets
> > > encoded as '+' in query strings (afaik for historic reasons).
> > > Therefore, languages which interpret the query string (like PHP)
> > > might get confused if they receive a %20 in the query string (or
> > > at least that was my concern).
> >
> > That sounds plausible, but I'm not sure.  Anyone else?
> 
> Nah. Everyone just takes %hh and turns it into an octet. The special 
> handling takes place for the + sign only, on both sides.
> In fact, every script must be prepared to get a %20 from the client,
> as well.

You're right of course, and it's also so easy to implement
that it's unlikely to have been messed up in real life.

As I see it, we have two variants of the fix:
  (1) Günther Gsenger's patch, with + for space.
  (2) Use ap_escape_path_segment, with %20 for space.

My (slight) inclination is to apply (2), but if anyone has strong
views, I'm happy with (1).  If no one cares enough to reply here,
I'll go ahead and apply (2).

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
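
The point made in the thread, as an added example that is not part of the original message and not httpd code: a query-string decoder that maps '+' to a space and every %hh to an octet recovers the same value from variant (1) and variant (2). `escape_component`, `hexval` and `decode_query` are hypothetical names, and the escaper's safe set (RFC 3986 unreserved characters) is an assumption, not the set used by `ap_escape_path_segment`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static const char HEX[] = "0123456789ABCDEF";
/* Hypothetical helper (not httpd's ap_escape_path_segment): percent-encode all
 * but RFC 3986 unreserved characters; plus_for_space selects '+' or "%20". */
int escape_component(const char *in, char *out, size_t outsz, int plus_for_space)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (o + 4 > outsz) return -1;          /* room for "%hh" plus NUL */
        if (isalnum(c) || strchr("-._~", c)) out[o++] = (char)c;
        else if (c == ' ' && plus_for_space) out[o++] = '+';
        else { out[o++] = '%'; out[o++] = HEX[c >> 4]; out[o++] = HEX[c & 15]; }
    }
    out[o] = '\0'; return 0;
}

static int hexval(int c)
{
    const char *p = c ? strchr(HEX, toupper(c)) : NULL;
    return p ? (int)(p - HEX) : -1;
}

/* Query-string decoding as described in the thread: '+' becomes a space, %hh
 * becomes one octet, malformed escapes are copied. out needs strlen(in) + 1. */
void decode_query(const char *in, char *out)
{
    while (*in) {
        int hi = (*in == '%') ? hexval((unsigned char)in[1]) : -1;
        int lo = (hi >= 0) ? hexval((unsigned char)in[2]) : -1;
        if (*in == '+') { *out++ = ' '; in++; }
        else if (lo >= 0) { *out++ = (char)(hi * 16 + lo); in += 3; }
        else *out++ = *in++;
    }
    *out = '\0';
}

int main(void)
{
    char v1[32], v2[32], d1[32], d2[32];   /* "a b+c" is constructed input */
    escape_component("a b+c", v1, sizeof v1, 1); decode_query(v1, d1);
    escape_component("a b+c", v2, sizeof v2, 0); decode_query(v2, d2);
    printf("%s -> %s\n%s -> %s\n", v1, d1, v2, d2);
    return 0;
}
```

Both variants must encode a literal '+' in the data as %2B, otherwise the decoder would turn it into a space.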
