On Fri, Apr 4, 2014 at 1:15 PM, Eric Covener <[email protected]> wrote: > However this is another part of the escaping here that is wrong half the > time. It you're not substituting into the query string, we want c2x.
Agreed, POST vars spaces (application/x-www-form-urlencoded) for example should be %20-encoded (although it's not always observed). IMHO, '+' vs %20 deserves its own escape_uri() arg.
