发表新帖
发表新帖

How do you configure Apache/PHP to accept slashes in query strings?

后端 未结
关注
7 463
太阳男子
太阳男子 2020-12-10 17:55

I have two Apache servers running PHP. One accepts forward-slashes in the query string and passes it along to PHP in the expected way, for example:

http://server
相关标签:
7条回答
  • 旧时难觅i
    2020-12-10 18:30

    A few posts here suggest the OP's usage is wrong, which is false.

    Expanding on Sam152's comment, query strings are allowed to contain both ? and / characters, see section 3.4 of http://www.ietf.org/rfc/rfc3986.txt, which is basically the spec written by Tim Berners-Lee and friends governing how the web should operate.

    The problem is that poorly written (or poorly configured, or misused) parsers interpret query string slashes as separating path components.

    I have seen examples of PHP's pathinfo function being used to parse URL's. Pathinfo wasn't written to parse a URL. You can however extract the path using parse_url then use fileinfo to retrieve details from the path. You will see that parse_url handles / and ? in query strings just fine.

    In any case, the overall problem is that this area is poorly understood all-round, even among experienced developers, and most people (myself included until recently) just assume that anything after the filename has to be urlencoded, which is patently false if you take the standards into consideration.

    tl;dr Read the spec :)

    0 讨论(0)
  • 悲&欢浪女
    2020-12-10 18:33

    Do you have mod_security installed? See this thread:

    403 Forbidden on PHP page called with url encoded in a $_GET parameter

    0 讨论(0)
  • 夕颜
    2020-12-10 18:45

    http://server/index.php?url=http://foo.bar is not a valid url. You have to encode the slashes. I think browsers do this automagically, so maybe you were testing with different browsers?

    Or perhaps it's the AllowEncodedSlashes setting?

    0 讨论(0)
  • 孤街浪徒
    2020-12-10 18:45

    You dont specify what PHP does with this url. Does it redirect to this page or try to read it?

    There is probably some mod_rewrite rule to remove double slashes, or for some other purpose, which tries to redirect this to somewhere it should not.

    Maybe a regex without ^ before http://

    0 讨论(0)
  • 孤独总比滥情好
    2020-12-10 18:49

    In your Apache config:

    AllowEncodedSlashes On

    See the documentation for more information:
    http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes

    Edit: Hmm, this may be what you already have working... I had this same problem, and what ended up fixing it for me was to just use $_SERVER['REQUEST_URI'] as that had the data I needed.

    0 讨论(0)
  • 伪装坚强ぢ
    2020-12-10 18:51

    Note that if the query string is properly URL-escaped (i.e. with %2F instead of forward-slash), then everything works.

    So it works when the query string is properly formatted and doesn't work when it isn't. What's the problem?

    0 讨论(0)
 看不清?
提交回复
热议问题