urlencoded Forward slash is breaking URL
Apache denies all URLs with %2F
in the path part, for security reasons: scripts can't normally (ie. without rewriting) tell the difference between %2F
and /
due to the PATH_INFO
environment variable being automatically URL-decoded (which is stupid, but a long-standing part of the CGI specification so there's nothing can be done about it).
You can turn this feature off using the AllowEncodedSlashes
directive, but note that other web servers will still disallow it (with no option to turn that off), and that other characters may also be taboo (eg. %5C
), and that %00
in particular will always be blocked by both Apache and IIS. So if your application relied on being able to have %2F
or other characters in a path part you'd be limiting your compatibility/deployment options.
I am using urlencode() while preparing the search URL
You should use rawurlencode()
, not urlencode()
for escaping path parts. urlencode()
is misnamed, it is actually for application/x-www-form-urlencoded
data such as in the query string or the body of a POST request, and not for other parts of the URL.
The difference is that +
doesn't mean space in path parts. rawurlencode()
will correctly produce %20
instead, which will work both in form-encoded data and other parts of the URL.
Replace %2F with %252F after url encoding
PHP
function custom_http_build_query($query=array()){
return str_replace('%2F','%252F', http_build_query($query));
}
Handle the request via htaccess
.htaccess
RewriteCond %{REQUEST_URI} ^(.*?)(%252F)(.*?)$ [NC]
RewriteRule . %1/%3 [R=301,L,NE]
Resources
http://www.leakon.com/archives/865
In Apache, AllowEncodedSlashes On would prevent the request from being immediately rejected with a 404.
Just another idea on how to fix this.
$encoded_url = str_replace('%2F', '/', urlencode($url));
I had the same problem with slash in url get param, in my case following php code works:
$value = "hello/world"
$value = str_replace('/', '/', $value;?>
$value = urlencode($value);?>
# $value is now hello%26%2347%3Bworld
I first replace the slash by html entity and then I do the url encoding.