Thanks Scott, I did a fair bit of Googling and searching but managed to not type the right query to help me find that issue. Kevin O'Brien Drupal Developer http://www.coderintherye.com 415-754-0112 On Fri, Mar 22, 2013 at 5:00 AM, <development-request@drupal.org> wrote:

Send development mailing list submissions to development@drupal.org

To subscribe or unsubscribe via the World Wide Web, visit http://lists.drupal.org/mailman/listinfo/development or, via email, send a message with subject or body 'help' to development-request@drupal.org

You can reach the person managing the list at development-owner@drupal.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of development digest..."

Today's Topics:

1. rawurlencode vs. urlencode in drupal_http_build_query and drupal_encode_path (Kevin O) 2. Re: rawurlencode vs. urlencode in drupal_http_build_query and drupal_encode_path (Scott Reynen)

----------------------------------------------------------------------

Message: 1 Date: Thu, 21 Mar 2013 20:22:28 -0700 From: Kevin O <nowarninglabel@gmail.com> Subject: [development] rawurlencode vs. urlencode in drupal_http_build_query and drupal_encode_path To: development@drupal.org Message-ID: <CAKHOBFM=NLv+7QWEQ01L208TaB7YBt= 2QpYvEBp0n9iP3hjPEA@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1"

Howdy folks. Due to some draconian anti-SQL injection filters in our firewall software, I'm exploring how a few things work with url building in Drupal 7 & 8. A particular firewall rule is rejecting %20and%20 which unfortunately comes up fairly often with searches and webform, because both urls for those get encoded in that way.

Now, this filtering is not of course Drupal's problem, but in tracking this down, I found that basically, drupal_http_build_query and drupal_encode_path use rawurlencode and thus change spaces to %20. The space change and the lack of encoding the ~ seem to be the only difference between rawurlencode and urlencode in PHP. (further info here http://stackoverflow.com/questions/996139/php-urlencode-vs-rawurlencode )

Since drupal_http_build_query was introduced in D7 as was drupal_encode_path they both seem to have always used rawlurlencode, however the previous function for the latter was drupal_urlencode which was a wrapper for urlencode.

Does anyone know why we switched to using rawurlencode instead of urlencode? Does anyone have thoughts on switching back to urlencode? I could just go file a feature request for this, but wanted to get a feel for the history and reasons for this change first.

Thanks!

Cheers, Kevin O'Brien Drupal Developer http://www.coderintherye.com 415-754-0112