PHP :: Request #72418 :: Special characters should be escaped as described in RFC in http_build

Special characters should be escaped as described in RFC in http_build_query

Submitted:

2016-06-15 16:08 UTC

Modified:

Votes:	3
Avg. Score:	3.0 ± 1.6
Reproduced:	2 of 3 (66.7%)
Same Version:	1 (50.0%)
Same OS:	0 (0.0%)

From:

thflori at gmail dot com

Assigned:

Status:

Open

Package:

*General Issues

PHP Version:

5.6.22

OS:

Linux 4.4

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	thflori at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2016-06-15 16:08 UTC] thflori at gmail dot com

Description:
------------
---
From manual page: http://www.php.net/function.http-build-query
---
The function http_build_query encodes special charaters that don't need to be encoded.

The problem here is that the query might get bigger than it has to be.

According to the RFC 1738 document mentioned in the manual these characters don't have to be encoded:
>   Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
>   reserved characters used for their reserved purposes may be used
>   unencoded within a URL.

Test script:
---------------
var_dump(http_build_query(['a' => '$-_.+!*\'(),']));

Expected result:
----------------
string(13) "a=$-_.+!*'(),"

Actual result:
--------------
string(29) "a=%24-_.%2B%21%2A%27%28%29%2C"

Patches

Add a Patch

Pull Requests

Pull requests:

improves lookup-hack wrt. mysqli_stmt and mysqli_driver (fixes #66340) (systems/4)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-05-04 00:26 UTC]

The following pull request has been associated:

Patch Name: improves lookup-hack wrt. mysqli_stmt and mysqli_driver (fixes #66340)
On GitHub:  https://github.com/php/systems/pull/4
Patch:      https://github.com/php/systems/pull/4.patch

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 13:01:29 2024 UTC