php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #65190 Bug: ampersand "&" not removed completely "amp;" in query string!
Submitted: 2013-07-03 07:24 UTC Modified: 2013-07-03 07:51 UTC
From: remoteshaman dot com at gmail dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 5.3.26 OS: CentOS
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: remoteshaman dot com at gmail dot com
New email:
PHP Version: OS:

 

 [2013-07-03 07:24 UTC] remoteshaman dot com at gmail dot com 
Description:
------------
Bug: ampersand "&" not removed completely "amp;" in query string!


Test script:
---------------
<?php
// If insert in broser string "?f=c3c0e998b57b4a2b8046f12a89dfff49-cache-plg_jch_optimize-e9898cc42c78127028aba1dab284f305&amp;type=js&amp;d=30" and print_r($_REQUEST) we get this result:

// Array
// (
    // [f] => 2041e3cc488db092b567b7fa14ea5c66-cache-plg_jch_optimize-35c9937b8d9d493d64405d18f2d6f5aa
    // [amp;type] => js
    // [amp;d] => 30
// )

// Bug: ampersand "&amp;" not removed completely "amp;"!

// or this a feature?:))

Patches

remoteshaman.com (last revision 2013-07-03 07:26 UTC by remoteshaman dot com at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-03 07:51 UTC] rasmus@php.net
-Status: Open +Status: Not a bug
 [2013-07-03 07:51 UTC] rasmus@php.net 
The default arg_seperator is just &
You can set it to &amp; in your ini if you like.
 [2013-07-03 10:18 UTC] remoteshaman dot com at gmail dot com 
this string "?f=c3c0e998b57b4a2b8046f12a89dfff49-cache-plg_jch_optimize-e9898cc42c78127028aba1dab284f305&amp;type=js&amp;d=30" get and print_r($_REQUEST) after set (php_flag arg_separator.input "&amp;") in .htaccess
------------------------------
Array
(
    [f] => 2
    [41e3cc488db] => 
    [92b567b7fa14ea5c66-cache-plg_jch_optimize-] => 
    [ab5] => 
    [adafe538259f] => 
    [d7936372397432&type] => css&d=3
)
------------------------------

this string "?f=c3c0e998b57b4a2b8046f12a89dfff49-cache-plg_jch_optimize-e9898cc42c78127028aba1dab284f305&amp;type=js&amp;d=30" get and print_r($_REQUEST) after set (php_value arg_separator.input "&amp;") in .htaccess
------------------------------
Array
(
    [f] => 2041e3cc488db092b567b7f
    [14e] => 
    [5c66-c] => 
    [che-] => 
    [lg_jch_o] => 
    [ti] => 
    [ize-0] => 
    [b50] => 
    [d] => 30
    [fe538259f0d7936372397432] => 
    [ty] => 
    [e] => css
)
------------------------------
 [2013-07-03 10:26 UTC] remoteshaman dot com at gmail dot com 
And "arg_sepErator" this a not directive!:) and "arg_sepArator" so - have "arg_separator.output" and "arg_separator.input" but this not solved issue!
 [2013-07-03 13:34 UTC] anon at anon dot anon 
Yes it's not a bug, it's a feature. `&amp;` is an HTML thing. It has nothing to do with query strings except when you're encoding them in HTML, which you're not; you're just putting the `&amp;` literally into the URL. It doesn't belong there. Remove it.
 [2013-07-03 18:45 UTC] remoteshaman dot com at gmail dot com 
anon - "Yes it's not a bug, it's a feature", "arg_sepErator" is also feature?:) Ok... I understood that all to spit.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat May 03 14:01:30 2025 UTC