Bug 36986 - mod_rewrite special character codes %23, %26, %2F problem
Summary: mod_rewrite special character codes %23, %26, %2F problem
Status: RESOLVED DUPLICATE of bug 34602
Alias: None
Product: Apache httpd-1.3
Classification: Unclassified
Component: mod_rewrite (show other bugs)
Version: HEAD
Hardware: Other other
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2005-10-10 12:40 UTC by Saqib
Modified: 2005-11-05 01:37 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Saqib 2005-10-10 12:40:15 UTC
Mod_rewrite has problems with the special character codes %23, %26, and %2F (for
‘#’, ‘&’, ‘/’) appearing in the request URL - the URL pattern being rewritten.

‘%23’ and ‘%26’ seem to escape the rewrite (any substitution variables after
this point seem to be set to null). ‘%2F’ causes the rewrite to break (404
error) in all examples I tested.

mod_rewrite seems to automatically decode the '%25' code. So these characters
can be passed on by replacing the '%' with '%25', and passing the characters
into the URL as ‘%2523’, ‘%2526’, and ‘%252F’.

However, this workaround causes the variable values to be treated differently
than if they were passed from the un-rewritten URL. E.g., given the RewriteRule:

RewriteRule ^test/(.*) test.php?testvar=$1

In the case of the pattern URL:
Versus a direct request to:
The variable testvar would have a value of ‘&’ in the former, and ‘%26’ in the
latter. This inconsistency can be solved by regex substitutions in GET variables
in the script itself, but that doesn’t seem like a transparent or robust solution.

Note that the [NE] flag is for the substitution side rather than the pattern
side, so that doesn't help here.

To me this seems to be a bug, as %23, %26 and %2F probably shouldn't be treated
any differently than other special character codes.

Also, I couldn't find the tendency of mod_rewrite to automatically decode '%25'
before rewriting (when it is followed by a two-character hexadecimal code) noted
anywhere in the documentation, and I think it should be. And this, too, can
cause problems. e.g., given the same RewriteRule above, requests to:


Result in different values of testvar: 'sportsún' versus 'sports%fan'.

I am unsure if this should be classified as a separate issue, but since both
issues are strongly related I am reporting them together.

Comment 1 Marcus Bointon 2005-11-05 10:37:04 UTC

*** This bug has been marked as a duplicate of 34602 ***