It did add input hidden field in my forms and one of my form has method="get". The problem I got when submitting this bug is that I was using urlrewriter to write a value like "N/A". there is maybe details that I forgot, but that is a good start and I can always help think further (and validate the logic) if someone handle this case html escape the name and value as it should be no url escaping, should not be done here! html escape what we output (since they are always in html value zone) Where '&' is the argument separator (and if doing so, we won't need to put html in an arg separator value!!! which at first did not make sense, even thought there is maybe reason, especially now that people rely on it.). "?" if not defined (already doing this)
When rewriting an URL, append to the original url (that one should have been espaced properly by the user): Resume of the behavior I would expect (written in notes+pseudo/php code) (if my ideas get implemented, then there will need to be a way to guide this behavior while staying backward compatible.)Įxemple #2: (with html special characters) it won't be a smart idea to automaticelly make it looks like & (after html escaping it). But I believe it should be fixed right.Īlso unfortunately doing an htmlspecialchars "smart" encoding might get problematic, since a lot of people probably use the "arg_separator.output = &" hack for XHTML compliance. However, if we use special characters in any of these, that can cause some problems.įor now it looks like we should avoid special character in name or value and maybe there is reason for this behavior beyond what I am thinking right now. Someone using a name, value pair that don't contain any html or url special characters won't notice anything. On top of that, while writing this, I found it won't htmlspecialchars() what it write (in no case) // which is probably why we need to change the arg_separator.output like this "ini_set('arg_separator.output', '&') "
It will not urlencode() the name when writing the name in a form input tag It will urlencode() the value when writing the value in a form input tag It will create input hidden field after the form tag. It will not urlencode() the name when rewriting an URL It will urlencode() the value when rewriting an URL When using PHP's url_rewriter (with output_add_rewrite_var) I have noticed it does this:
0 kommentar(er)
