Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.15

Bug #2334 square brackets in var names are not encoded
Submitted: 2004-09-14 22:26 UTC Modified: 2006-12-26 23:38 UTC
From: alexei at net24 dot co dot nz Assigned: richard
Status: Closed Package: Net_URL
PHP Version: 5.0.1 OS: freebsd
Roadmaps: (Not assigned)    
Subscription  


 [2004-09-14 22:26 UTC] alexei at net24 dot co dot nz
Description: ------------ Square brackets considered unsafe by rfc1738 are not encoded when in variable name. Reproduce code: --------------- $var=array(1,2,3,4,5); $url=new Net_URL(); $url->addQueryString($var); echo $url->getUrl(); Expected result: ---------------- http://example.com/example.php?var[0]=1&var[1]=2&var[2]=3&var[3]=4&var[4]=5 Actual result: -------------- http://example.com/example.php?var%5B%5D=1&var%5B%5D=2&var%5B%5D=3&var%5B%5D=4&var%5B%5D=5

Comments

 [2004-09-14 22:27 UTC] alexei at net24 dot co dot nz
sorry, other way around Expected result: ---------------- http://example.com/example.php?var%5B%5D=1&var%5B%5D=2&var%5B%5D=3&var%5 B%5D=4&var%5B%5D=5 Actual result: -------------- http://example.com/example.php?var[0]=1&var[1]=2&var[2]=3&var[3]=4&var[4 ]=5
 [2004-09-14 22:35 UTC] alexei at net24 dot co dot nz
infact variable names are not encoded at all
 [2004-10-11 16:03 UTC] aaron dot hawley at uvm dot edu
Here's a potential patch to be applied to function Net_URL::getQueryString @@ -275,12 +275,12 @@ foreach ($this->querystring as $name => $value) { if (is_array($value)) { foreach ($value as $k => $v) { - $querystring[] = $this->useBrackets ? sprintf('%s[%s]=%s', $name, $k, $v) : ($name . '=' . $v); + $querystring[] = $this->useBrackets ? (urlencode(sprintf('%s[%s]', $name, $k)) . '=' . $v) : (urlencode($name) . '=' . $v); } } elseif (!is_null($value)) { - $querystring[] = $name . '=' . $value; + $querystring[] = urlencode($name) . '=' . $value; } else { - $querystring[] = $name; + $querystring[] = urlencode($name); } } $querystring = implode(ini_get('arg_separator.output'), $querystring); http://www.uvm.edu/~ashawley/php/Net_URL.php-bug-2334.diff-c
 [2005-03-01 22:41 UTC] richard
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better.