php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #68729 http_build_query() should use RFC3986 escape as the default
Submitted: 2015-01-03 01:52 UTC Modified: 2021-09-12 04:22 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: yohgaki@php.net Assigned: cmb (profile)
Status: No Feedback Package: *URL Functions
PHP Version: Irrelevant OS: ANY
Private report: No CVE-ID: None
View Developer Edit
 [2015-01-03 01:52 UTC] yohgaki@php.net 
Description:
------------
It uses RFC 1738 (escape ' ' as +). It should use RFC 3986. i.e. escape ' ' as %20.
Since urldecode() decodes %20 to ' '. There is no BC issue.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-01-15 11:28 UTC] ppasindud at gmail dot com 
Then wouldn't it be same as rawurlencode, I am assuming that there is a reason to have two of those with slight differences.
 [2015-02-23 11:49 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2021-08-31 10:46 UTC] cmb@php.net
-Status: Assigned +Status: Feedback -Assigned To: yohgaki +Assigned To: cmb
 [2021-08-31 10:46 UTC] cmb@php.net 
> Since urldecode() decodes %20 to ' '. There is no BC issue.

Non sequitur.  While I agree that defaulting to PHP_QUERY_RFC1738
is a bit unfortunate nowadays, changing this default would cause a
subtle BC break; I doubt that it's worth it.  Are you still
planning to pursue this?
 [2021-09-12 04:22 UTC] php-bugs at lists dot php dot net 
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Jul 04 11:01:37 2025 UTC