[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#421820: ap_escape_uri() doesn't escape &-sign

Apache behaves correctly (in principle). From RFC 2396 section 3.3:

'The path may consist of a sequence of path segments separated by a
single slash "/" character.  Within a path segment, the characters
"/", ";", "=", and "?" are reserved.' [1]

This means '&' is a reserved character only in the query part after 
the '?', but not before the '?' in the path part of the URL.

I am not sure how this helps you, though ;-). But I guess if you take 
something from the path part and put it into the query part, you have 
to escape everything that is reserved in the query part but not in 
the path part (i.e. ":", "@", "&", "+", ",", "=", and "$").


[1] The RFC seems to be inconsistent, it is not clear whether "=" is 
reserved in the path part or not.

Attachment: pgpUgwgrz6TR9.pgp
Description: PGP signature

Reply to: