Apache的mod_rewrite％2B和正（+）符号 [英] Apache mod_rewrite %2B and plus (+) signs

问题描述

我使用的Apache / mod_rewrite的重写网址，但我有加号的问题。

I'm using apache / mod_rewrite to re-write URLs but I am having problems with the plus sign.

通过以​​下规则。

RewriteRule ^/(.+[^/])/?$ http://localhost:8080/app/home?tag=$1 [P,L] 

两个：

http://localhost/1+1 and http://localhost/1%2B2

最终成为

uri=http://localhost:8080/app/home, args=tag=1+2

因此​​，在两种情况下，应用程序转换的加号到空间，因此它不能空格和加上标志区分了。

So in both cases the application translates the plus sign into a space so it cannot differentiate between spaces and plus signs anymore.

如果我用的是B标志，则在这两种情况下的+号被翻译成％2B和应用程序相同的问题结束了，但逆转（包括空格和加号是加号）

If I use the "B" flag, then in both cases the + signs are translated into %2B and the application ends up with the same problem but reversed (both spaces and plus signs are plus signs)

有没有办法让Apache的正确逃生％2B为加号，而不是一个空间？

Is there a way to get apache to properly escape %2B into a plus sign and not a space?

我看了一些关于mod_security的，但我没有使用，所以我不知道是否有导致此其他一些安全机制？

I read something about mod_security but I am not using that so I am not sure if there is some other security mechanism that is causing this?

任何帮助将大大AP preciated！

Any help would be greatly appreciated!

推荐答案

没有，这是不太一样的引用问题。这里的问题是特别加号和答案<一href=\"http://stackoverflow.com/questions/4215673/apache-mod-rewrite-spcaes-special-characters-in-url-not-working\">Apache: mod_rewrite的：Spcaes＆放大器;在URL中的特殊字符不工作不解决这个问题。

No, this isn't quite the same as the referenced question. The problem here is specifically plus signs and the answer to Apache: mod_rewrite: Spcaes & Special Characters in URL not working doesn't address that.

还有用斜杠的问题，为此，请参见 http://httpd.apache.org/docs/current/mod/core.html#allowen$c$cdslashes
（但你需要访问Apache的配置这样做 - 的.htaccess不会做）

There's also an issue with slashes, for which see http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes (but you do need access to the Apache config to do this - .htaccess won't do).

在事实上，它是的无法的单独使用一个重写规则来做。阿帕奇德codeS把它通过重写前的URL，但不明白加号：的 http://example.com/a+b.html 不会提供一个名为

In fact it is impossible to do using a rewrite rule alone. Apache decodes the URL before putting it through rewrite, but it doesn't understand plus signs: http://example.com/a+b.html wouldn't deliver a file called

一个b.html。

加号是德codeD由PHP到$ _GET数组（或任何相关语言机制）的查询字符串，因为在浏览器表单处理程序把他们。所以Apache会％2B转换为+前应用重写，并独自离开+本身，这意味着你不能分辨出来。

The plus signs are decoded by PHP into the $_GET array (or whatever the relevant language mechanism is) for query strings, because form handlers in browsers put them in. So Apache will translate %2B to + before applying the rewrite, and leave + itself alone, meaning you can't tell the difference.

当然，人们可以说，+作为空间是这样简单的URL无效，应该只使用20％。不过，如果你没有对他们产生的控制，你一定会看到它们。浏览器将无法生成它们虽然自动。

Of course, one could argue that + used as space is simply invalid in such URLs and one should use only %20. However, if you don't have control over generating them, you're bound to see them. Browsers won't generate them automatically though.

答案是DIY，而且在许多方面更predictable和简单的：

The answer is DIY, and in many ways it is more predictable and simpler:

重写规则。*的index.php [L]

RewriteRule .* index.php [L]

因此​​一切都变成index.php文件，有没有尝试构建一个查询字符串。如果要排除某些模式，例如那些在斜线，或明确的文件确实存在，明显的修改适用。例如
  的RewriteCond％{} REQUEST_FILENAME！-f

Hence everything turns into index.php and there's no attempt to construct a query string. If you want to exclude certain patterns, e.g. those with slashes in, or where an explicit file does exist, the obvious amendments apply. e.g. RewriteCond %{REQUEST_FILENAME} !-f

在随后的index.php

Then in index.php

$ URI = SUBSTR（$ _ SERVER ['REQUEST_URI']，1）; //删除斜线

$uri = substr($_SERVER['REQUEST_URI'], 1); // remove leading slash

$ qmpos = strpos（'？'$ URI，）; //有一个问号，如果是这样，其中

$qmpos = strpos($uri, '?'); // is there a question mark, if so where

如果（$ qmpos ==假的！）{$ URI = SUBSTR（$ URI，0，$ qmpos）; } //只有前q.m。该位

if ($qmpos !== FALSE) { $uri = substr($uri, 0, $qmpos); } // only the bit before q.m.

$德codeD = urlde code（$ URI）; //德code中的一部分，在URL之前

$decoded = urldecode($uri); // decode the part before the URL

如果（空（$德codeD）！）{$ _GET ['ARGS'] = $德codeD; } //添加结果$ _GET

if (! empty($decoded)) { $_GET['args'] = $decoded; } // add result to $_GET

这是德codeS中的原始的请求（不包括前导斜杠 - 会如果你是更深上下层级会稍有不同，但原理是一样的 - 不包括任何额外的查询字符串）和德codeS args参数根据PHP的正常规则，并把它变成$ _GET这样你就可以随着$ _GET查询字符串参数通常的方式，其余处理。

That decodes the original request (excluding the leading slash - would be slightly different if you're deeper down a hierarchy, but the principle is the same - and excluding any additional query string), and decodes the args parameter according to PHP's normal rules and puts it into $_GET so you can process it along with the rest of the $_GET query string parameters in the usual way.

相信这应为空的URL（http://example.com/）或那些仅具有一个查询字符串（http://example.com/?foo=1），以及简单的情况下工作（http://example.com/bar），并用一个查询字符串的情况下，以及（http://example.com/bar?foo=1）。毫无疑问，类似的做法会为其他语言。

I believe this should work for empty URLs (http://example.com/) or those which only have a query string (http://example.com/?foo=1), as well as the simple case (http://example.com/bar) and the case with a query string as well (http://example.com/bar?foo=1). No doubt similar approaches will work for other languages.

在您的特定情况下，你其实不想在PHP的长处去codeD都没有。这很好，使用rawurlde code来代替，这没有做的长处。

In your particular case, you actually don't want the pluses decoded in the PHP at all. That's fine, use rawurldecode instead, which doesn't do pluses.

这篇关于Apache的mod_rewrite％2B和正（+）符号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！