使用Apache正确转义URL中的%
[英]Correct escaping of % in the URL with Apache
问题描述
I have a Django project where I have a search page which takes input through a POST and redirect to /search/<search string>/ and this page renders the result. 
我有一个Django项目,其中有一个搜索页面,该页面通过POST接收输入并重定向到/search/<search string>/并且此页面呈现结果。 The percentage sign (%) is used as a wildcard in the search (tes%er returns testuser, tester, etc and the url looks like this then: example.com/search/tes%25er/ ) and everything works fine with the Django development server. 百分号(%)在搜索中用作通配符(tes%er返回testuser,tester等,然后url如下所示: example.com/search/tes%25er/ ),并且一切都可以在Django上正常运行开发服务器。 If I manually write tes%er in the url it changes to tes%25er automatically. 如果我在网址中手动写入tes%er,它将自动更改为tes%25er。
Now I'm deploying on an Apache server with mod_wsgi and when my search page redirects to example.com/search/tes%er/ I get the server error: Bad Request. Your browser sent a request that this server could not understand. 现在,我使用mod_wsgi在Apache服务器上进行部署,当我的搜索页面重定向到example.com/search/tes%er/我收到服务器错误: Bad Request. Your browser sent a request that this server could not understand. Bad Request. Your browser sent a request that this server could not understand. . 。 If I manually add '25' to the url, like the encoded % sign so it looks like the development server it works fine. 如果我在网址中手动添加“ 25”(如编码的%符号),则它看起来像开发服务器一样,可以正常工作。
Is there a way for Apache to automatically escape the %-sign and create a url that works, understand % unescaped or do I need to do ugly hacks in my search page that builds the url? Apache是否有一种方法可以自动转义%符号并创建可以正常工作的url,了解未转义的%,或者我需要在构建该URL的搜索页面中进行难看的修改? (I'd rather not do ugly hacks like this cause then the users can't manually add % to the url and get it to work). (我不想像这样造成丑陋的骇客,然后用户无法将%手动添加到url并使其正常工作)。
Edit : The code that sends the query from the search page to the search url. 编辑 :将查询从搜索页面发送到搜索URL的代码。
if form.is_valid():
if 'search_user' in request.POST:
q = request.POST['search_user']
return redirect('/search/'+q)
1 个解决方案
解决方案1
1 已采纳 2012-05-11 14:14:55
As Ignacio already suggested, you should not redirect to an invalid url. 正如Ignacio所建议的那样,您不应重定向到无效的URL。 So to answer your question: 因此,回答您的问题:
you can (or perhaps its better to say 'should') not ask your Apache server to escape your url. 您可以(或者最好说“应该”)不要求您的Apache服务器转义您的URL。 The reason you escape your URL is because some characters have another meaning. 逃脱URL的原因是因为某些字符还有其他含义。 For example, take a querystring: 例如,使用一个查询字符串:
somedomain.com/?key=value somedomain.com/?key=value
If we would want to use a ? 如果我们想使用? or a = in your value you would have a problem because your server would think that you are using operators of your querystring. 或=值,则可能会出现问题,因为服务器会认为您正在使用查询字符串的运算符。
The same for the % -symbol. %符号相同。 When your apache server sees a %-symbol he thinks he will find an enconded and will try to decode it. 当您的apache服务器看到%符号时,他认为他会找到一个encond并将尝试对其进行解码。 If your querystring is %20 , apache will translate this to a space, while you meant "wildcard20". 如果您的查询字符串是%20 ,则apache会将其转换为空格,而您的意思是“ wildcard20”。
In summary: apache decodes your string, so you dont want him to encode it. 总结:apache解码您的字符串,因此您不希望他对它进行编码。
But this does not solve your problem. 但这不能解决您的问题。 You can solve your problem by changing your code into the following: 您可以通过将代码更改为以下内容来解决问题:
from urllib import urlencode
if form.is_valid():
if 'search_user' in request.POST:
q = request.POST['search_user']
return redirect('/search/?q='+urlencode(q))
In case you wonder: what if my user would type /search/?q=% ; 如果您想知道:如果我的用户输入/search/?q=% ,该/search/?q=% in that case he'ld have a problem for he has typed an invalid address. 在这种情况下,他会遇到问题,因为他输入了无效的地址。
Hope this helps :-). 希望这可以帮助 :-)。
Wout Wout
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.