NOTE: If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org to view this page for some minimal testing.
Use Item9693 for docu changes for 1.2 and 2.0.

You are here: Foswiki>Tasks Web>Item6022 (08 Jan 2009, KwangErnLiew)

Item6022: ENCODE{} treats % as safe character

Priority:	CurrentState:	AppliesTo:	Component:	WaitingFor:
Urgent	Closed	Engine	TWiki.pm

The %-Sign (per cent) is according to RFC 1738 unsafe. (2.2. URL Character Encoding Issues: The character "%" is unsafe because it is used for encodings of other characters.)

But the TWiki Variable %ENCODE{}% treats % (per cent) as a safe letter instead of transforming it to %25.

Test

Test:

?value=%ENCODE{"%9600" type="url"}%

results in:

?value=%259600 (results in 4.22 as %9600)
value will be seen as -00

expected:

?value=%259600
value will be seen as %9600

proposed patch: /lib/TWiki.pm

2403c2403
<    $text =~ s/([^0-9a-zA-Z-_.:~!*'\/%])/'%'.sprintf('%02x',ord($1))/ge;
---
>    $text =~ s/([^0-9a-zA-Z-_.:~!*'\/])/'%'.sprintf('%02x',ord($1))/ge;

-- TWiki:Main/AndreLichtsteiner - 25 Sep 2008

Elevating to urgent.

Any voices against Andre's conclusions? Things that will break?

Otherwise I will commit the patch. Will wait a few days

-- TWiki:Main.KennethLavrsen - 29 Sep 2008

sorry, couldn't wait any longer smile

-- SvenDowideit - 05 Oct 2008

ItemTemplate edit

Summary	ENCODE{} treats % as safe character
ReportedBy	TWiki:Main.AndreLichtsteiner
Codebase
SVN Range	TWiki-5.0.0, Tue, 23 Sep 2008, build 17539
AppliesTo	Engine
Component	TWiki.pm
Priority	Urgent
CurrentState	Closed
WaitingFor
Checkins	TWikirev:17588
TargetRelease	patch
ReleasedIn

Topic revision: r9 - 08 Jan 2009, KwangErnLiew

Tasks

Submit and Query

Create Task

Developer Tasks

Non Developer Tasks

Developer Tools

Tools

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement.