On Sun, 20 Jul 1997 [EMAIL PROTECTED] wrote: > Synopsis: path-info should not be urlencoded > > State-Changed-From-To: open-closed > State-Changed-By: brian > State-Changed-When: Sun Jul 20 20:36:36 PDT 1997 > State-Changed-Why: > By the only "spec" for CGI, the documentation at > http://hoohoo.ncsa.uiuc.edu/cgi/, PATH_INFO is to be > URL-decoded. There's really no reason not to do that.
Brian, Ok then 1. the spec is wrong 2. netscape server does not implement the spec (less of a surprise) The reason why path_info should not be url decoded is that url-decoding destroys information that scripts may want to use. The reason why url-decoding destroys information (why a script can't just url-encode to reocover the original) is that url-decoding and url-encoding are not pure inverse functions e.g. original -> decode -> encode foo%20bar -> foo bar -> foo%20bar //this is correct but foo bar -> foo bar -> foo%20bar //this is also correct Unless the script has some other simple way to access the original uri, this is a problem. Functional example: we want to redirect based to a uri passed in the requeest /cgi-bin/redirect/http://foo.com/bar?goo=hoo should return location: http://foo.com/bar?goo=hoo but in the urldecoding example if we get passed /cgi-bin/redirect/http://foo.com/foo%20bar/bat?goo=hoo we will be sending a redirect to: location: http://foo.com/foo bar/bat?goo=hoo If we attempt to url encode before redirect then we will encode all the slash characters and that would be wrong too. Summary: The spec only makes sense if urldecoding and urlencoding are pure inverse functions. Apache should go off spec here (like netscape) or the spec should be changed. We now have modifications to apache 1.05, 1.13 and 1.2 which turn off urldecoing of the uri. If you want them, give a holler. -Alex- ___________________________________________________________________ S. Alexander Jacobson Interband Communications 1-212-799-2645 voice 1-212-799-1075 fax > Check out http://hoohoo.ncsa.uiuc.edu/cgi/env.html, it says: > > > The extra path information, as given by the client. In > > other words, scripts can be accessed by their virtual > > pathname, followed by extra information at the end of > > this path. The extra information is sent as PATH_INFO. > > This information should be decoded by the server if it > > comes from a URL before it is passed to the CGI script. > > >
