0

I'm trying to pass a backslash as part of a query string argument.

The project uses a pretty simple url_rewriting method:

//.Htaccess
RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule .* index.php?arguments=$0 [NC,L]

Then receive $_GET['arguments'] with values separated by /

Ex.: blog/post/2/ will fill $_GET['arguments'] with: 'post/2/'

The problem is, when I try to pass something like test%5Cabc (url encoded for test\abc), the request returns a 404 error instead of passing it as an argument

I have no idea how to fix it. Thanks in advance.

CarlosCarucce
  • 3,420
  • 1
  • 28
  • 51

2 Answers2

1

The reason you get a 404 error is because by default, Apache has AllowEncodedSlashes turned off, and its behavior is to 404 any request containing a backslash. This is because having it turned on is a potential security hazard. In Apache 2.2.18 and later, there is a NoDecode setting which makes this a bit safer, and works well for your case.

Anyway I tried turning it on locally, and indeed this script:

<?php var_dump($_REQUEST); ?>

is able to handle urls like

http://localhost/this\is\a\test

and outputs

array(1) { ["arguments"]=> string(14) "this\is\a\test" }

However, it (or my browser) seems to have problems with encoded backslashes, converting them to regular backslashes - maybe that's not a problem. If you enable the B flag on your rewriterule, it will convert unencoded backslashes to encoded backslashes.

Community
  • 1
  • 1
James
  • 20,957
  • 5
  • 26
  • 41
0

I hope I got you right, try using this :

'/file.php?id=$value'//this utilise that backslash and then pass the id to the `$_Get[]` Function somewhere in the file.php.
JOB
  • 85
  • 1
  • 1
  • 10
  • Thanks for your answer. I already got it working, the problem is when i try to pass a string like this one: 'test\\abc'. Using urlencode already. – CarlosCarucce Feb 11 '15 at 00:33