urlen codeD正斜杠打破网址 [英] urlencoded Forward slash is breaking URL
问题描述
关于系统
我在我的项目格式的网址: -
<$p$p><$c$c>http://project_name/browse_by_exam/type/tutor_search/keyword/class/new_search/1/search_exam/0/search_subject/0
如果关键字/类对指搜索与阶级的关键字。
我有执行的项目中的每个模块一个共同的index.php文件。只有一个重写规则来从URL中删除的index.php: -
的RewriteCond $ l ^(指数\ .PHP |资源|机器人\ .TXT)!
的RewriteCond%{} REQUEST_FILENAME!-f
的RewriteCond%{} REQUEST_FILENAME!-d
重写规则^(。*)$的index.php [L,QSA]
我使用urlen code(),而preparing搜索网址和urlde code(),而读搜索URL。
问题
只有正斜杠字符被打破导致找不到404页面错误的URL。
例如,如果我搜索一/二的URL是
我该如何解决这个问题?我需要保持的index.php隐藏在URL中。否则,如果没有必要,就已经与斜线没有问题,我可以用这个网址: -
的http://project_name/index.php browse_by_exam /类型/ tutor_search /关键字/个
%2Ftwo / new_search / 1 / search_exam / 0 / search_subject / 0
谢谢
Sandeepan
阿帕奇拒绝所有的URL与%2F 路径中的一部分,出于安全方面的原因:脚本不能正常(即无需重写)告诉之间的差异%2F 和 / 由于 PATH_INFO 环境变量中自动进行URL德codeD(这是愚蠢的,但CGI规范的一个长期存在的一部分,所以没有什么可以做这件事)。
您可以通过关闭此功能的<一个href="http://httpd.apache.org/docs/2.2/mod/core.html#allowen$c$cdslashes"><$c$c>AllowEn$c$cdSlashes指令,但请注意,其他Web服务器仍然会禁止它(没有选择把它们关掉),而且其他角色也可能是禁忌(如%5C ),和 00%特别总是会阻止Apache和IIS。所以,如果您的应用程序依赖于能够有%2F 或者在路部分你会限制你的兼容性/部署选项其它字符。
我使用urlen code(),而preparing搜索网址
您应该使用 rawurlen code() ,不是 urlen code()为逃避路部分。 urlen code()是名不副实的,它实际上是应用程序/ x-WWW的形式urlen codeD 的数据,如在查询字符串或POST请求的主体中,而不是用于该URL的其它部分。
不同的是 + 并不意味着空间中的路径的部分。 rawurlen code()将正确地产生%20 而是将工作无论在形式上恩codeD数据和URL的其他部分。
About the system
I have URLs of this format in my project:-
http://project_name/browse_by_exam/type/tutor_search/keyword/class/new_search/1/search_exam/0/search_subject/0
Where keyword/class pair means search with "class" keyword.
I have a common index.php file which executes for every module in the project. There is only a rewrite rule to remove the index.php from URL:-
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,QSA]
I am using urlencode() while preparing the search URL and urldecode() while reading the search URL.
Problem
Only the forward slash character is breaking URLs causing 404 page not found error.
For example, if I search one/two the URL is
http://project_name/browse_by_exam/type/tutor_search/keyword/one%2Ftwo/new_search/1/search_exam/0/search_subject/0/page_sort/
How do I fix this? I need to keep index.php hidden in the URL. Otherwise, if that was not needed, there would have been no problem with forward slash and I could have used this URL:-
http://project_name/index.php?browse_by_exam/type/tutor_search/keyword/one
%2Ftwo/new_search/1/search_exam/0/search_subject/0
Thanks,
Sandeepan
Apache denies all URLs with %2F in the path part, for security reasons: scripts can't normally (ie. without rewriting) tell the difference between %2F and / due to the PATH_INFO environment variable being automatically URL-decoded (which is stupid, but a long-standing part of the CGI specification so there's nothing can be done about it).
You can turn this feature off using the AllowEncodedSlashes directive, but note that other web servers will still disallow it (with no option to turn that off), and that other characters may also be taboo (eg. %5C), and that %00 in particular will always be blocked by both Apache and IIS. So if your application relied on being able to have %2F or other characters in a path part you'd be limiting your compatibility/deployment options.
I am using urlencode() while preparing the search URL
You should use rawurlencode(), not urlencode() for escaping path parts. urlencode() is misnamed, it is actually for application/x-www-form-urlencoded data such as in the query string or the body of a POST request, and not for other parts of the URL.
The difference is that + doesn't mean space in path parts. rawurlencode() will correctly produce %20 instead, which will work both in form-encoded data and other parts of the URL.
这篇关于urlen codeD正斜杠打破网址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
