What is the purpose of replacing the% 20 space before executing PHP rawurlencode ()?
This is a pretty silly question, sorry. There is a large and quite complex system that has a bug and I was able to trace it back to this part.
return str_replace('%2F', '/', rawurlencode(str_replace('%20', ' ', $key)));
There is a comment explaining why the slashes are replaced - to preserve the path structure, for example. encoded1 / encoded2 / etc .. However, there is no explanation why% 20 is replaced with space, and this part is the direct cause of the error. I'm tempted to just delete str_replace (), but it looks like it fit in there for some reason, and I get the feeling that I'll break something else by doing this. Has anyone come across something similar? Perhaps this is a dirty fix for some PHP bug? Any guesses and ideas are greatly appreciated!
This will result in the %20
(encoded space) not being encoded before %2F20
. However, it only serves to prevent double shielding spaces; other special characters will still be double-encoded.
This is a sign of bad code; strings that are passed to this function must not have rights to encoded characters.
I would recommend creating unit tests that cover all of the referenced code, and then refactoring that function to remove str_replace()
to make sure it doesn't break tests.
The first thing that comes to mind is a method to prevent double encoding.
Not that I would recommend doing such a thing this way, as it would quickly become useless (and already wondering why only this entity, perhaps "they" have never encountered problems with others ... yet) ...
This may be the result of misunderstanding rawurlencode()
vsurlencode()
urlencode()
replaces spaces with characters +
If the original author thought they rawurlencode()
did the same, they will try to pre-encode the spaces so they don't turn into +
s