Ampersand (*) not Escaped in HTTP Post

Giganews Newsgroups
Subject: Ampersand (*) not Escaped in HTTP Post
Posted by:  Kevin Davidson (kev…@qsinc.com)
Date: Wed, 28 Apr 2004

Kevin Davidson wrote:

When an HTTP post escapes unsafe characters in parameters, it needs to
include the "&". If one of those gets through, the web server thinks
it's starting a new parameter. Very messy.

I couldn't figure any kind of workaround because if you escape the &
yourself, Indy then escapes the "%". I had to change Indy.

The following change seems to fix it (Indy 9.0.14):

class function TIdURI.ParamsEncode(const ASrc: string): string;
var
  i: Integer;
const
  // UnsafeChars = ['*', '#', '%', '<', '>', ' ','[',']'];  // current
  UnsafeChars = ['*', '#', '%', '<', '>', ' ','[',']', '&']; //  new

Kevin

Replies