>Number: 5758 >Category: mod_cgi >Synopsis: QUERY_STRING-UNESCAPED returns many characters prefixed with a >\ (backslash) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Feb 14 15:30:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: [EMAIL PROTECTED] >Release: 1.3.11 >Organization: apache >Environment: UNIX and Windows/98 >Description: A URI with a query string of [abc] is urlencoded as uri?%5Babc%5D
The QUERY_STRING_UNESCAPED variable is set to \[abc\] I cannot find any documentation about QUERY_STRING_UNESCAPED and would have expected QUERY_STRING_UNESCAPED to be set to [abc]. Not all urlencoded characters will be preceeded by a \. "=+" are unescaped without the \ (ie 3D%2B becomes "=+") but urlencoded {} (%7B%7D) is held in QUERY_STRING_UNESCAPED as \{\}. >How-To-Repeat: Use http://www.hcidata.co.uk/testenvi.htm This will submit a form (method=GET) with many non-alphanumeric characters. The next html page uses SSIs to echo various environmental variables such as QUERY_STRING_UNESCAPED >Fix: >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]