Bug#421820: ap_escape_uri() doesn't escape &-sign

To: 421820@bugs.debian.org, "Thibaut VARENE" <varenet@debian.org>
Cc: 421820-submitter@bugs.debian.org
Subject: Bug#421820: ap_escape_uri() doesn't escape &-sign
From: Stefan Fritsch <sf@sfritsch.de>
Date: Wed, 9 May 2007 19:09:17 +0200
Message-id: <[🔎] 200705091909.42913.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 421820@bugs.debian.org

Apache behaves correctly (in principle). From RFC 2396 section 3.3:

'The path may consist of a sequence of path segments separated by a
single slash "/" character.  Within a path segment, the characters
"/", ";", "=", and "?" are reserved.' [1]

This means '&' is a reserved character only in the query part after 
the '?', but not before the '?' in the path part of the URL.

I am not sure how this helps you, though ;-). But I guess if you take 
something from the path part and put it into the query part, you have 
to escape everything that is reserved in the query part but not in 
the path part (i.e. ":", "@", "&", "+", ",", "=", and "$").

Cheers,
Stefan

[1] The RFC seems to be inconsistent, it is not clear whether "=" is 
reserved in the path part or not.

Attachment: pgp4xZL9U1L_3.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#421820: ap_escape_uri() doesn't escape &-sign
  - From: "Thibaut VARENE" <varenet@debian.org>

Prev by Date: Re: Bug#421820: libapache2-mod-musicindex: Incorrect url-encoding of &-sign
Next by Date: Bug#421820: ap_escape_uri() doesn't escape &-sign
Previous by thread: Bug#423002: apache: The RLimitCPU directive doesn't act
Next by thread: Bug#421820: ap_escape_uri() doesn't escape &-sign
Index(es):
- Date
- Thread