1

This is example of the script path which causes problem:

http://example.com/index/index/tokenID/345%250Atest

If I try to visit this link on the production server I receive 404 error. If I try to visit it on local machine:

localhost:8080/index/index/tokenID/345%250Atest

everything works well.

Both servers on Apache. Production server - Cent OS, localhost - Ubuntu. It looks like there is some configuration in Apache file that I forgot to set.

Tamara
  • 111
  • 1
  • 6
  • answered here: https://stackoverflow.com/a/3871762/503621 - use `%0A` for \n and `%0D` for \r – B. Shea Jan 21 '19 at 16:11
  • Using `%250A` in a online url decoder produces bad result. Maybe try 'hashing' the 'token' first (a-Z / 0-9 chars only?) before adding/encoding to URL? Or run through script first to replace bad ones with above? – B. Shea Jan 21 '19 at 16:23

1 Answers1

0

From RFC 1738 specification (not the latest):

Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL.

The current spec is RFC 3986

Now that statement above is for unencoded characters but yours is encoded. I haven't found the similar statement.

A URI is composed from a limited set of characters consisting of
digits, letters, and a few graphic symbols. A reserved subset of
those characters may be used to delimit syntax components within a
URI while the remaining characters, including both the unreserved set and those reserved characters not acting as delimiters, define each
component's identifying data.

Community
  • 1
Rob
  • 344
  • 3
  • 15
  • Hi, Rob. I don't understand your answer. I use urlencode() function in order to pass data in URL. Result of this function contains %250A which is url encoded character (new line symbol, as I understand). Why it can be handled by one type of the servers and can not by others? – Tamara Nov 12 '14 at 01:34
  • @Tamara I believe the encoded newline is %0A. %240A decodes to %0A. – BillThor Nov 12 '14 at 01:39
  • @BillThor I thought %250A decodes to %0A. Anyway if I replace %250A with %0A it still doesn't work on the production server, but works on localhost. – Tamara Nov 12 '14 at 01:51
  • @Tamara You may not have the same content or same docroot on both systems. It is strange to have /index/index in the path, although this is legal. Having linefeeds in a filename is also strange. You may also have permission issues. Check the error log. – BillThor Nov 12 '14 at 01:56