Thanks Scott, I did a fair bit of Googling and searching but managed to not type the right query to help me find that issue.
Kevin O'Brien Drupal Developer http://www.coderintherye.com 415-754-0112 On Fri, Mar 22, 2013 at 5:00 AM, <development-requ...@drupal.org> wrote: > Send development mailing list submissions to > development@drupal.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.drupal.org/mailman/listinfo/development > or, via email, send a message with subject or body 'help' to > development-requ...@drupal.org > > You can reach the person managing the list at > development-ow...@drupal.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of development digest..." > > > Today's Topics: > > 1. rawurlencode vs. urlencode in drupal_http_build_query and > drupal_encode_path (Kevin O) > 2. Re: rawurlencode vs. urlencode in drupal_http_build_query and > drupal_encode_path (Scott Reynen) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 21 Mar 2013 20:22:28 -0700 > From: Kevin O <nowarningla...@gmail.com> > Subject: [development] rawurlencode vs. urlencode in > drupal_http_build_query and drupal_encode_path > To: development@drupal.org > Message-ID: > <CAKHOBFM=NLv+7QWEQ01L208TaB7YBt= > 2qpyvebp0n9ip3hj...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Howdy folks. Due to some draconian anti-SQL injection filters in our > firewall software, I'm exploring how a few things work with url building in > Drupal 7 & 8. A particular firewall rule is rejecting %20and%20 which > unfortunately comes up fairly often with searches and webform, because both > urls for those get encoded in that way. > > Now, this filtering is not of course Drupal's problem, but in tracking this > down, I found that basically, drupal_http_build_query and > drupal_encode_path use rawurlencode and thus change spaces to %20. The > space change and the lack of encoding the ~ seem to be the only difference > between rawurlencode and urlencode in PHP. (further info here > http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode ) > > Since drupal_http_build_query was introduced in D7 as was > drupal_encode_path they both seem to have always used rawlurlencode, > however the previous function for the latter was drupal_urlencode which was > a wrapper for urlencode. > > Does anyone know why we switched to using rawurlencode instead of > urlencode? Does anyone have thoughts on switching back to urlencode? I > could just go file a feature request for this, but wanted to get a feel for > the history and reasons for this change first. > > Thanks! > > Cheers, > Kevin O'Brien > Drupal Developer > http://www.coderintherye.com > 415-754-0112 > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.drupal.org/pipermail/development/attachments/20130321/ec66ca1d/attachment-0001.html > > ------------------------------ > > Message: 2 > Date: Thu, 21 Mar 2013 22:16:21 -0600 > From: Scott Reynen <sc...@slicedbreadlabs.com> > Subject: Re: [development] rawurlencode vs. urlencode in > drupal_http_build_query and drupal_encode_path > To: development@drupal.org > Message-ID: <514bdb15.1070...@slicedbreadlabs.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > I wasn't around when this happened, but the history is all documented > and searchable, so it didn't take too long to find an answer. While > drupal_urlencode() was a wrapper for urlencode() in D5, it became a > wrapper for rawurlencode() in D6. Here's the commit: > > > http://drupalcode.org/project/drupal.git/commitdiff/f68f52540107a625f326448f413bc323e2138f31 > > And here's the related issue with discussion of why that change was made: > > http://drupal.org/node/191116 > > -- > Scott Reynen > Sliced Bread Labs > > On 3/21/13 9:22 PM, Kevin O wrote: > > Howdy folks. Due to some draconian anti-SQL injection filters in our > > firewall software, I'm exploring how a few things work with url building > > in Drupal 7 & 8. A particular firewall rule is rejecting %20and%20 which > > unfortunately comes up fairly often with searches and webform, because > > both urls for those get encoded in that way. > > > > Now, this filtering is not of course Drupal's problem, but in tracking > > this down, I found that basically, drupal_http_build_query and > > drupal_encode_path use rawurlencode and thus change spaces to %20. The > > space change and the lack of encoding the ~ seem to be the only > > difference between rawurlencode and urlencode in PHP. (further info here > > http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode) > > > > Since drupal_http_build_query was introduced in D7 as was > > drupal_encode_path they both seem to have always used rawlurlencode, > > however the previous function for the latter was drupal_urlencode which > > was a wrapper for urlencode. > > > > Does anyone know why we switched to using rawurlencode instead of > > urlencode? Does anyone have thoughts on switching back to urlencode? I > > could just go file a feature request for this, but wanted to get a feel > > for the history and reasons for this change first. > > > > Thanks! > > > > Cheers, > > Kevin O'Brien > > Drupal Developer > > http://www.coderintherye.com > > 415-754-0112 > > > > > ------------------------------ > > -- > [ Drupal development list | http://lists.drupal.org/ ] > > End of development Digest, Vol 123, Issue 3 > ******************************************* >
