Home Differentiate between encoded slashes %2f and non-encoded slashes / in $_GET Reply: 0 # Differentiate between encoded slashes %2f and non-encoded slashes / in$_GET

user1423
1#
user1423 Published in April 26, 2018, 9:02 pm
 I have an web application that perform routing using rewrite rules for .htaccess for Apache2. My .htaccess file has the following line: RewriteRule ^([A-Za-z]+)/([A-Za-z+-]+)/(.+)/?$index.php?controller=$1&action=$2¶ms=$3 [NC]  The above line successfully routes an URI, let's say example.com/book/display/Foo to example.com/index.php?controller=book&action=display¶ms=Foo. The problem is however that I'm exploding the $_GET['params'] in PHP using explode() and then pass the parameters as function arguments using call_user_func_array(). Thus, when I supply a parameter that include a slash, url encoded (using rawurlencode()) or not, explode() explodes the single parameter into two separate function arguments. Is there a way to differentiate between a encoded slash %2f and a non-encoded slash / in Apache/PHP, so that I can avoid exploding an argument into two strings? At the moment, when I enter the URI index.php?controller=book&action=display¶ms=foo%2fbar, PHP still thinks that $_GET['params'] contains foo/bar rather than foo%2fbar. Changing the value of AllowEncodedSlashes in Apache makes no difference.
 You need to login account before you can post.
Processed in 0.300283 second(s) , Gzip On .