[英]php seems to automatically url decode…How can I prevent this:
Request POST (via javascript) giftcard_number:%120213001? 请求POST(通过javascript)giftcard_number:%120213001?
Response 0213001? 回复0213001?
It seems %12 is being converted to nothing. 似乎%12被转换为空。
NOTE: I am using the codeingiter framework and have tried turning off global xss filter and accessing $_POST directly and still have the problem. 注意:我正在使用编码器框架并尝试关闭全局xss过滤器并直接访问$ _POST仍然有问题。 Does anyone know if codeigniter modifies $_POST?
有没有人知道codeigniter是否会修改$ _POST?
I have tracked the problem down to system/core/common.php --> remove_invisible_characters 我已将问题跟踪到system / core / common.php - > remove_invisible_characters
function remove_invisible_characters($str, $url_encoded = TRUE)
{
$non_displayables = array();
// every control character except newline (dec 10)
// carriage return (dec 13), and horizontal tab (dec 09)
if ($url_encoded)
{
$non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
$non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
}
$non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127
do
{
$str = preg_replace($non_displayables, '', $str, -1, $count);
}
while ($count);
return $str;
}
Can anyone think of a workaround? 谁能想到一个解决方法? Do you consider this a bug in the framework?
你认为这是框架中的错误吗?
EDIT: A way to get the raw value without is to use the $_REQUEST variable 编辑:一种获取原始值的方法是使用$ _REQUEST变量
The % character is used in URL encoding . %字符用于URL编码 。 So you either need to remove the % before sending the string to the server (which is what I would recommend), or else URL-encode the string and deal with the extra characters on the server end.
因此,您需要在将字符串发送到服务器之前删除%(这是我建议的),否则对字符串进行URL编码并处理服务器端的额外字符。
CodeIgniter is doing the perfectly logical thing in removing the %12, since it appears to be a URL-encoded control character. CodeIgniter在删除%12时完全符合逻辑,因为它似乎是一个URL编码的控制字符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.