PHP :: Request #72418 :: Special characters should be escaped as described in RFC in http_build_query
php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #72418 Special characters should be escaped as described in RFC in http_build_query
Submitted: 2016-06-15 16:08 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: thflori at gmail dot com Assigned:
Status: Open Package: *General Issues
PHP Version: 5.6.22 OS: Linux 4.4
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: thflori at gmail dot com
New email:
PHP Version: OS:

 

 [2016-06-15 16:08 UTC] thflori at gmail dot com
Description:
------------
---
From manual page: http://www.php.net/function.http-build-query
---
The function http_build_query encodes special charaters that don't need to be encoded.

The problem here is that the query might get bigger than it has to be.

According to the RFC 1738 document mentioned in the manual these characters don't have to be encoded:
>   Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
>   reserved characters used for their reserved purposes may be used
>   unencoded within a URL.

Test script:
---------------
var_dump(http_build_query(['a' => '$-_.+!*\'(),']));

Expected result:
----------------
string(13) "a=$-_.+!*'(),"

Actual result:
--------------
string(29) "a=%24-_.%2B%21%2A%27%28%29%2C"

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Tue Aug 14 08:01:25 2018 UTC