Development

AllowEncodedSlashes (diff)

You must first sign up to be able to contribute.

Changes from Version 1 of AllowEncodedSlashes

Show
Ignore:
Author:
jablko (IP: 70.71.179.155)
Timestamp:
09/23/09 20:48:06 (8 years ago)
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • AllowEncodedSlashes

    v0 v1  
     1Apache AllowEncodedSlashes directive is off by default, http://httpd.apache.org/docs/trunk/mod/core.html#allowencodedslashes 
     2 
     3This will result in a 404 error for any URLs with encoded slashes, %2f for / and %5c for \ on according systems 
     4 
     5Note that even when AllowEncodedSlashes is off, encoded slashes may appear in query strings without resulting in a 404 error 
     6 
     7symfony generates encoded slashes for parameter names or values containing slashes, e.g. $routing->generate(null, array('next' => '/module/action')); 
     8 
     9This is only a problem for parameters which are variables, e.g. 
     10 
     11{{{ 
     12example: 
     13  url: /example/:next 
     14}}} 
     15 
     16- or star parameters, e.g. 
     17 
     18{{{ 
     19example: 
     20  url: /example/* 
     21}}} 
     22 
     23Two possible workarounds are to enable AllowEncodedSlashes, or configure symfony routing such that parameter names or values which might contain slashes are generated in the query string instead of a variable or star parameter, i.e. 
     24 
     25 * /example/%2fmodule%2faction // Doesn't work 
     26 * /example/next/%2fmodule%2faction // Doesn't work 
     27 * /example?next=%2fmodule%2faction // Works 
     28 
     29To configure symfony routing, enable extra_parameters_as_query_string, which is off by default