PHP :: Request #72418 :: Special characters should be escaped as described in RFC in http_build

Special characters should be escaped as described in RFC in http_build_query

Submitted:

2016-06-15 16:08 UTC

Modified:

Votes:	4
Avg. Score:	3.5 ± 1.7
Reproduced:	3 of 4 (75.0%)
Same Version:	1 (33.3%)
Same OS:	1 (33.3%)

From:

thflori at gmail dot com

Assigned:

Status:

Open

Package:

*General Issues

PHP Version:

5.6.22

OS:

Linux 4.4

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	thflori at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-06-15 16:08 UTC] thflori at gmail dot com

Description:
------------
---
From manual page: http://www.php.net/function.http-build-query
---
The function http_build_query encodes special charaters that don't need to be encoded.

The problem here is that the query might get bigger than it has to be.

According to the RFC 1738 document mentioned in the manual these characters don't have to be encoded:
>   Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
>   reserved characters used for their reserved purposes may be used
>   unencoded within a URL.

Test script:
---------------
var_dump(http_build_query(['a' => '$-_.+!*\'(),']));

Expected result:
----------------
string(13) "a=$-_.+!*'(),"

Actual result:
--------------
string(29) "a=%24-_.%2B%21%2A%27%28%29%2C"

Patches

Pull Requests

Pull requests:

improves lookup-hack wrt. mysqli_stmt and mysqli_driver (fixes #66340) (systems/4)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-05-04 00:26 UTC]

The following pull request has been associated:

Patch Name: improves lookup-hack wrt. mysqli_stmt and mysqli_driver (fixes #66340)
On GitHub:  https://github.com/php/systems/pull/4
Patch:      https://github.com/php/systems/pull/4.patch

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Apr 29 22:01:26 2025 UTC