ID: 39078
Comment by: jerm at live dot com
Reported By: main at springtimesoftware dot com
Status: Open
Bug Type: Feature/Change Request
Operating System: Windows XP
PHP Version: 5.1.6
New Comment:
I'm with David on this.
On the client-side, I'm using the JavaScript escape() function to
encode data for sending to the server using a POST ajax request.
(Original bug report refers to $_GET, but this is also affecting
$_POST)
The server sees both plus signs "+" and "%20" as spaces. And yes, PHP
is seeing the plus, untouched by Apache, as I can prove using:
echo file_get_contents("php://input"); // Display raw POST
This is very frustrating. I'm currently getting around this by parsing
the raw POST data manually (above), and not using the pre-parsed $_POST
data.
Previous Comments:
------------------------------------------------------------------------
[2006-10-10 13:30:10] main at springtimesoftware dot com
So, that's it? Just a few ignorant attempts to classify this feature
request as Bogus, with no assignment to a developer to make this feature
request happen?
I'm disappointed.
An option to process incoming URL args using rawurldecode instead of
urldecode would benefit so many users!
David Spector
------------------------------------------------------------------------
[2006-10-07 22:53:52] main at springtimesoftware dot com
I'm not sure I'm following you.
Section "Reserved:" in RFC 1738 (at
http://www.freesoft.org/CIE/RFC/1738/4.htm) states:
----
Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
reserved characters used for their reserved purposes may be used
unencoded within a URL.
----
Since "+" is listed, I would expect that any agent that obeyed this RFC
would transmit "+" unchanged.
That means that Apache should transmit "+" unchanged to PHP.
This is why I would be surprised to find that Apache is the cause of
this problem.
Indeed, if I browse (using IE 6.0) to a Web page that contains a call
to phpinfo(), browsing using a URL that contains the argument
"Arg=+%20", then phpinfo() reports that _SERVER["QUERY_STRING"] has the
value "Arg=+%20". (I just did this, I'm not making this up.)
This confirms that the plus sign is getting to PHP okay.
So wouldn't you agree with me that Apache cannot be causing this
problem?
PHP must be using urldecode() when it parses the arguments into the
$_GET array, yes? Otherwise, how would the plus sign in the argument
become a space?
David
------------------------------------------------------------------------
[2006-10-07 22:15:37] [EMAIL PROTECTED]
It's not hard to believe... it's what the RFC states:
http://www.freesoft.org/CIE/RFC/1738/4.htm, read the section "unsafe".
------------------------------------------------------------------------
[2006-10-07 21:44:08] main at springtimesoftware dot com
So you are saying that this problem is definitely in Apache, not in
PHP?
You are saying that Apache converts plus signs into spaces?
Please confirm this, it is hard to believe.
David
------------------------------------------------------------------------
[2006-10-07 21:39:53] [EMAIL PROTECTED]
PHP receives POST/GET data from Apache in decoded form, so if
Javascript doesn't encode "+" sign, we can't fix it or even change it in
anyway.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/39078
--
Edit this bug report at http://bugs.php.net/?id=39078&edit=1
