Pass a percent (%) sign in a url and get exact value of it using php
Answer:
To send a %
sign in a url, instead send %25
.
In your case, in order for php to see a percent sign, you must pass the character string %25B6011000995504101^SB
to the server.
Why:
In URLs, the percent sign has special meaning. Is used to encode special characters. For example, &
is the separator between parameters, so if you want your parameter to actually contain an &
, you instead write %26
. Because the percent sign is used to encode special characters, it is also a special character, and so if you want to actually send a percent sign, it must also be encoded. The encoding for a percent sign is %25
.
percent(%) sign character in git password
For '%' character, equivalent URL encode is '%25'
You can try replacing '%' with '%25'
Avoid multiple url_encode()
Assuming that you are wanting to urlencode
a URL for use in the query string (recursively/iterative), something like this:
$s = 'http://www.php.net/urlencode?url=http%3A%2F%2Fwww.php.net%2Furlencode';
//parse the url
$p = parse_url($s);
//check if there is a query string
$q = isset($p['query']) ? $p['query'] : '';
//urlencode the main url and then append the already encoded query string
echo urlencode(str_replace($q, '', $s)) . $q;
Or possibly:
echo urlencode(urldecode($s));
Percent Symbol in CodeIgniter URI
Put the "-" at the end of the string otherwise it gets interpreted as range. The % is already in the allowed character list as you can see.
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_+-';
Ahem... after looking at your sample string again. Here is why you get "The URI you submitted has disallowed characters
".
Short explanation: Add the ampersand & to the allowed characters list
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_+&-';
Long explanation
There are 2 things playing together.
A) CodeIgniter checks all URI segments for disallowed characters. This happens by whitelisting allowed characters. Which ones are allowed can be checked in /system/application/config/config.php in the $config['permitted_uri_chars']
variable. The default value is set to something like 'a-z 0-9~%.:_-'
. Thus all letters from a to z, space, all numbers and the following characters *~%.:_- are allowed.
Ok let us compare that to your sample URI which you say works
a-z 0-9~%.:_-
DO_SOMETHING/Coldplay/Fix+You/273/X+26+Y/ //note the missing %
All characters are ok... but wait what about the plus sign +? It's not in the list of allowed characters! And yet the URI is not complained about? This is the key to your problem.
B) CodeIgniter urldecodes the URI segments prior to the whitelist-character-check to prevent that someone circumvents the check by simply urlencoding the URI. Thus the + gets decoded to a space. This behaviour is because of urlencode (which encodes spaces as + sign, deviating from RFC 1738). That explains why the + sign is allowed.
These two things combined explain also why this specific URI doesn't work.
urldecode(DO_SOMETHING/Coldplay/Fix+You/273/X+%26+Y/) //evaluates to
//DO_SOMETHING/Coldplay/Fix You/273/X & Y/
Whoops... the urldecoding translates %26 to an &
Which isn't an allowed character. Mistery ;-) solved
Never seen and can't find out such a weird sign encoding in URL
%23
is the url-encoded form of the #
character. So the URL contains an encoded string value of ?
.
An HTML entity can be expressed in one of three formats:
&<name>;
<decimal>;
<hex>;
In this case, the URL contains a hex-encoded HTML entity, where 0x3F
is the hex value for the ?
character.
The URL you provided:
http://ow.ly/LhPyt
As well as this direct URL:
http://www.hotelreservierung.de/angebot/St-James's-Club-Morgan-Bay-Saint-Lucia/Hotel-4432957
Both respond with an HTTP redirect to this URL:
http://www.hotelreservierung.de/angebot/St-James&%23x3F;s-Club-Morgan-Bay-Saint-Lucia/Hotel-4432957
GET /LhPyt HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ow.ly
DNT: 1
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Location: http:// goo.gl/8vb7n8
Connection: close
Content-Length: 0
GET /8vb7n8 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
DNT: 1
Host: goo.gl
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 10 Apr 2015 16:59:34 GMT
Location: http://www.hotelreservierung.de/angebot/St-James&%23x3F;s-Club-Morgan-Bay-Saint-Lucia/Hotel-4432957
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 240
Server: GSE
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Age: 83
Alternate-Protocol: 80:quic,p=0.5
GET /angebot/St-James's-Club-Morgan-Bay-Saint-Lucia/Hotel-4432957 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.hotelreservierung.de
DNT: 1
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Fri, 10 Apr 2015 17:01:07 GMT
Server: Apache/2
Provided-Host: hrslave03
Set-Cookie: _hrlnkflghtl2=a%3A1%3A%7Bi%3A0%3Bs%3A12%3A%22Hrlnkflghtl1%22%3B%7D; expires=Sun, 10-May-2015 17:01:07 GMT; path=/
Set-Cookie: _hrhtldtlnwdsgn2=a%3A1%3A%7Bi%3A0%3Bs%3A16%3A%22Hrhtldtlnwdsgn2b%22%3B%7D; expires=Sun, 10-May-2015 17:01:07 GMT; path=/
Set-Cookie: _hrstrtpgnwfrm=a%3A1%3A%7Bi%3A0%3Bs%3A14%3A%22Hrstrtpgnwfrm4%22%3B%7D; expires=Sun, 10-May-2015 17:01:07 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: mDhBeFyD=00; Expires=Sat, 11-Apr-2015 17:01:07 GMT; Path=/
Location: /angebot/St-James&%23x3F;s-Club-Morgan-Bay-Saint-Lucia/Hotel-4432957
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html
Notice the Location
header in both responses.
In the first case, the browser is simply navigating to the new URL that goo.gl
told it to go to.
In the second case, the browser is transmitting the '
character as-is in its GET
request and is then being redirected to a new URL that contains &%23x3F;
instead. So it is the hotelreservierung.de
server itself that is deciding to encode the '
character as &%23x3F;
in its URL. It is not the browser doing that.
JavaScript - Encode characters and URI malformed error
Eventually there was a bug on my server side. I tried to decode the '%' sign.
Solved it by the following:
On the client:
const endpoint = `${endpoint}&text=${encodeURIComponent(query)}`;
await fetch(endpoint);
On the server:
decodeURIComponent(encodeURIComponent(query.text))
urlencode but ignore certain chars
Can you not just do:
$str = urlencode($str);
$str = str_replace("%23", "#", $str);
$str = str_replace("%25", "%", $str);
Related Topics
Zf2 - Get Controller Name into Layout/Views
How to Pass Value from One PHP Page to Another Using Session
Error: File Is Encrypted or Is Not a Database
Laravel 5.5 Error Base Table or View Already Exists: 1050 Table 'Users' Already Exists
PHP Warning: Exec() Unable to Fork
Laravel Livewire Component Not Refreshing/Reloading Automatically After Refreshing It
In PHP What Does It Mean by a Function Being Binary-Safe
How to Remove All Leading Zeroes in a String
How to Enable --Enable-Soap in PHP on Linux
Stored Procedures, MySQL and PHP
Invoke External Shell Script from PHP and Get Its Process Id
Why Is Calling a Function (Such as Strlen, Count etc) on a Referenced Value So Slow
Mysql_Real_Escape_String Is Undefined
Is It a Good Idea to Use $_Server['Document_Root'] in Includes