YaBB 2.6 Forum - ; gets url encoded with some clients, + doesn't

(UTC)

YaBB 2.6 Forum › General Category › General Board › ; gets url encoded with some clients, + doesn't

‹ Previous Topic | Next Topic ›

Pages: 1 [2]

; gets url encoded with some clients, + doesn't (Read 41712 times)

Monni Senior Member Offline Min izāmō Posts: 413 Location: Kaarina, Finland Joined: Jul 16^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #8 - Sep 18^th, 2014 at 10:40am	Print Post
	Dandello wrote on Sep 18^th, 2014 at 5:37am: Well, I see that my browser decodes them the same... My browser had no problems with decoding, but it seems Apache has troubles accepting ";" in URL, even if it is URL encoded... It just says "=" can't be there without "&"... So both ";" and "=" get URL encoded inside Apache even though ";" is already URL encoded by the browser.


	GTalkSkype/VoIP Facebook Twitter YouTube ICQ YIM IP Logged

Dandello Forum Administrator Offline I love YaBB 2.7! Posts: 1759 Location: The Land of YaBB Joined: Feb 12^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #7 - Sep 18^th, 2014 at 5:37am	Print Post
	Well, I see that my browser decodes them the same...

	Perfection is not possible. Excellence, however, is excellent.
	WWW IP Logged

Monni Senior Member Offline Min izāmō Posts: 413 Location: Kaarina, Finland Joined: Jul 16^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #6 - Sep 18^th, 2014 at 3:33am	Print Post
	Dandello wrote on Sep 17^th, 2014 at 9:38pm: So you're saying YaBB sees ';' and tosses an error but doesn't on ';' - if it's in conjunction with 'start=all'? Or some clients are encoding the semi-colon to ';' and some aren't. As semicolon is reserved character, all clients should URL encode it... It seems some encoder implementations encode using lowercase letters, some encode using uppercase letters. The problem is that for some reason the lowercase versions don't always get decoded in Perl code... Where the "start=all" comes from, I suspect it has to do with old links that were "cached" or bookmarked about 7 years ago when the forum was using older version of YaBB.


	GTalkSkype/VoIP Facebook Twitter YouTube ICQ YIM IP Logged

Dandello Forum Administrator Offline I love YaBB 2.7! Posts: 1759 Location: The Land of YaBB Joined: Feb 12^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #5 - Sep 17^th, 2014 at 9:38pm	Print Post
	So you're saying YaBB sees '%3b' and tosses an error but doesn't on '%3B' - if it's in conjunction with 'start=all'? Or some clients are encoding the semi-colon to '%3b' and some aren't.

	Perfection is not possible. Excellence, however, is excellent.
	WWW IP Logged

Monni Senior Member Offline Min izāmō Posts: 413 Location: Kaarina, Finland Joined: Jul 16^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #4 - Sep 17^th, 2014 at 8:53pm	Print Post
	Dandello wrote on Sep 17^th, 2014 at 6:15pm: 'start=all' should only appear in conjunction with 'board='. So a 'num=' in conjunction with a 'start=all' was entered from the address bar. It really doesn't make sense as the same URL pattern comes from different IP subnets, but not all cause the error message, only if the "b" in the URL encoded query string is lowercase.


	GTalkSkype/VoIP Facebook Twitter YouTube ICQ YIM IP Logged

Dandello Forum Administrator Offline I love YaBB 2.7! Posts: 1759 Location: The Land of YaBB Joined: Feb 12^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #3 - Sep 17^th, 2014 at 6:15pm	Print Post
	'start=all' should only appear in conjunction with 'board='. So a 'num=' in conjunction with a 'start=all' was entered from the address bar.

	Perfection is not possible. Excellence, however, is excellent.
	WWW IP Logged

Monni Senior Member Offline Min izāmō Posts: 413 Location: Kaarina, Finland Joined: Jul 16^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #2 - Sep 17^th, 2014 at 5:43pm	Print Post
	The last time I saw %3b in a URL was when it was followed by "start=all"... I'm pretty sure YaBB used to allow "+" in uploaded file names in previous versions.


	GTalkSkype/VoIP Facebook Twitter YouTube ICQ YIM IP Logged

Dandello Forum Administrator Offline I love YaBB 2.7! Posts: 1759 Location: The Land of YaBB Joined: Feb 12^th, 2014 Gender:	Re: ; gets url encoded with some clients, + doesn't Reply #1 - Sep 17^th, 2014 at 5:39pm	Print Post
	I'm going to call it a security feature (at least that attachment one as I'm pretty sure - not 100% sure - YaBB doesn't allow '+' in uploaded file names). Also, the only time I see %3b in the error log here is when someone has inserted a url into a query string. Of course, we have no way of knowing what client was being used to do this but if it were a major issue or one that breaks the url, someone would have complained to YaBBForum about their users not being able to read messages.

	Perfection is not possible. Excellence, however, is excellent.
	WWW IP Logged

Monni Senior Member Offline Min izāmō Posts: 413 Location: Kaarina, Finland Joined: Jul 16^th, 2014 Gender:	; gets url encoded with some clients, + doesn't Sep 17^th, 2014 at 4:51pm	Print Post
	In the error log I see messages that, in Security.pm, YaBB can't parse thread id, which is obviously url encoded as it contains %3b, which is semicolon. Reverse happens with attachment names that contain '+', which doesn't get url encoded in the client, even though it should and instead gets converted as " " (space). Dunno if this is bug or security feature, so posting here...


	GTalkSkype/VoIP Facebook Twitter YouTube ICQ YIM IP Logged

Pages: 1 [2]

‹ Previous Topic | Next Topic ›