go to bug id or search bugs for
When a perl script passes variables on the url in a "Location:" header, any %27s (apostrophes) are returned as \' (backslash apost). However, when doing a urldecode(urlencode("test'ing")), "test'ing" is returned. I kluged it with "$title = preg_replace("/\\\'/","'",urldecode($title))" for now. I've verified that the perl script is requesting "somescript.php?title=test%27ing" in the browser location bar, too.
I've seen the other reports of something similar to this (#1765, mainly), but it did not seem to address 'incoming' variables, just ones generated from other PHP scripts.
The files that this is happening with are not done well at all right now (UGLY!), but if they would be of use, please let me know.
Add a Patch
Add a Pull Request
Try to turn off magic_quotes. If this doesn't help, please repoen with a reproducing code.