Thanks Scott, I did a fair bit of Googling and searching but managed to not type the right query to help me find that issue.<div><br clear="all"><div>Kevin O&#39;Brien<div>Drupal Developer</div><div><a href="http://www.coderintherye.com" target="_blank">http://www.coderintherye.com</a></div>
<div>415-754-0112</div></div>
<br><br><div class="gmail_quote">On Fri, Mar 22, 2013 at 5:00 AM,  <span dir="ltr">&lt;<a href="mailto:development-request@drupal.org" target="_blank">development-request@drupal.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Send development mailing list submissions to<br>
        <a href="mailto:development@drupal.org">development@drupal.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="http://lists.drupal.org/mailman/listinfo/development" target="_blank">http://lists.drupal.org/mailman/listinfo/development</a><br>
or, via email, send a message with subject or body &#39;help&#39; to<br>
        <a href="mailto:development-request@drupal.org">development-request@drupal.org</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:development-owner@drupal.org">development-owner@drupal.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than &quot;Re: Contents of development digest...&quot;<br>
<br>
<br>
Today&#39;s Topics:<br>
<br>
   1. rawurlencode vs. urlencode in drupal_http_build_query     and<br>
      drupal_encode_path (Kevin O)<br>
   2. Re: rawurlencode vs. urlencode in drupal_http_build_query and<br>
      drupal_encode_path (Scott Reynen)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 21 Mar 2013 20:22:28 -0700<br>
From: Kevin O &lt;<a href="mailto:nowarninglabel@gmail.com">nowarninglabel@gmail.com</a>&gt;<br>
Subject: [development] rawurlencode vs. urlencode in<br>
        drupal_http_build_query and drupal_encode_path<br>
To: <a href="mailto:development@drupal.org">development@drupal.org</a><br>
Message-ID:<br>
        &lt;CAKHOBFM=NLv+7QWEQ01L208TaB7YBt=<a href="mailto:2QpYvEBp0n9iP3hjPEA@mail.gmail.com">2QpYvEBp0n9iP3hjPEA@mail.gmail.com</a>&gt;<br>
Content-Type: text/plain; charset=&quot;iso-8859-1&quot;<br>
<br>
Howdy folks. Due to some draconian anti-SQL injection filters in our<br>
firewall software, I&#39;m exploring how a few things work with url building in<br>
Drupal 7 &amp; 8. A particular firewall rule is rejecting %20and%20 which<br>
unfortunately comes up fairly often with searches and webform, because both<br>
urls for those get encoded in that way.<br>
<br>
Now, this filtering is not of course Drupal&#39;s problem, but in tracking this<br>
down, I found that basically, drupal_http_build_query and<br>
drupal_encode_path use rawurlencode and thus change spaces to %20. The<br>
space change and the lack of encoding the ~ seem to be the only difference<br>
between rawurlencode and urlencode in PHP. (further info here<br>
<a href="http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode" target="_blank">http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode</a> )<br>
<br>
Since drupal_http_build_query was introduced in D7 as was<br>
drupal_encode_path they both seem to have always used rawlurlencode,<br>
however the previous function for the latter was drupal_urlencode which was<br>
a wrapper for urlencode.<br>
<br>
Does anyone know why we switched to using rawurlencode instead of<br>
urlencode? Does anyone have thoughts on switching back to urlencode? I<br>
could just go file a feature request for this, but wanted to get a feel for<br>
the history and reasons for this change first.<br>
<br>
Thanks!<br>
<br>
Cheers,<br>
Kevin O&#39;Brien<br>
Drupal Developer<br>
<a href="http://www.coderintherye.com" target="_blank">http://www.coderintherye.com</a><br>
<a href="tel:415-754-0112" value="+14157540112">415-754-0112</a><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <a href="http://lists.drupal.org/pipermail/development/attachments/20130321/ec66ca1d/attachment-0001.html" target="_blank">http://lists.drupal.org/pipermail/development/attachments/20130321/ec66ca1d/attachment-0001.html</a><br>

<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 21 Mar 2013 22:16:21 -0600<br>
From: Scott Reynen &lt;<a href="mailto:scott@slicedbreadlabs.com">scott@slicedbreadlabs.com</a>&gt;<br>
Subject: Re: [development] rawurlencode vs. urlencode in<br>
        drupal_http_build_query and drupal_encode_path<br>
To: <a href="mailto:development@drupal.org">development@drupal.org</a><br>
Message-ID: &lt;<a href="mailto:514BDB15.1070008@slicedbreadlabs.com">514BDB15.1070008@slicedbreadlabs.com</a>&gt;<br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>
I wasn&#39;t around when this happened, but the history is all documented<br>
and searchable, so it didn&#39;t take too long to find an answer. While<br>
drupal_urlencode() was a wrapper for urlencode() in D5, it became a<br>
wrapper for rawurlencode() in D6. Here&#39;s the commit:<br>
<br>
<a href="http://drupalcode.org/project/drupal.git/commitdiff/f68f52540107a625f326448f413bc323e2138f31" target="_blank">http://drupalcode.org/project/drupal.git/commitdiff/f68f52540107a625f326448f413bc323e2138f31</a><br>
<br>
And here&#39;s the related issue with discussion of why that change was made:<br>
<br>
<a href="http://drupal.org/node/191116" target="_blank">http://drupal.org/node/191116</a><br>
<br>
--<br>
Scott Reynen<br>
Sliced Bread Labs<br>
<br>
On 3/21/13 9:22 PM, Kevin O wrote:<br>
&gt; Howdy folks. Due to some draconian anti-SQL injection filters in our<br>
&gt; firewall software, I&#39;m exploring how a few things work with url building<br>
&gt; in Drupal 7 &amp; 8. A particular firewall rule is rejecting %20and%20 which<br>
&gt; unfortunately comes up fairly often with searches and webform, because<br>
&gt; both urls for those get encoded in that way.<br>
&gt;<br>
&gt; Now, this filtering is not of course Drupal&#39;s problem, but in tracking<br>
&gt; this down, I found that basically, drupal_http_build_query and<br>
&gt; drupal_encode_path use rawurlencode and thus change spaces to %20. The<br>
&gt; space change and the lack of encoding the ~ seem to be the only<br>
&gt; difference between rawurlencode and urlencode in PHP. (further info here<br>
&gt; <a href="http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode" target="_blank">http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode</a> )<br>
&gt;<br>
&gt; Since drupal_http_build_query was introduced in D7 as was<br>
&gt; drupal_encode_path they both seem to have always used rawlurlencode,<br>
&gt; however the previous function for the latter was drupal_urlencode which<br>
&gt; was a wrapper for urlencode.<br>
&gt;<br>
&gt; Does anyone know why we switched to using rawurlencode instead of<br>
&gt; urlencode? Does anyone have thoughts on switching back to urlencode? I<br>
&gt; could just go file a feature request for this, but wanted to get a feel<br>
&gt; for the history and reasons for this change first.<br>
&gt;<br>
&gt; Thanks!<br>
&gt;<br>
&gt; Cheers,<br>
&gt; Kevin O&#39;Brien<br>
&gt; Drupal Developer<br>
&gt; <a href="http://www.coderintherye.com" target="_blank">http://www.coderintherye.com</a><br>
&gt; <a href="tel:415-754-0112" value="+14157540112">415-754-0112</a><br>
<br>
<br>
<br>
<br>
------------------------------<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
[ Drupal development list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
<br>
End of development Digest, Vol 123, Issue 3<br>
*******************************************<br>
</font></span></blockquote></div><br></div>