|Subject:||Ampersand (*) not Escaped in HTTP Post|
|Posted by:||Kevin Davidson (kev…@qsinc.com)|
|Date:||Wed, 28 Apr 2004|
Kevin Davidson wrote:
When an HTTP post escapes unsafe characters in parameters, it needs to
include the "&". If one of those gets through, the web server thinks
it's starting a new parameter. Very messy.
I couldn't figure any kind of workaround because if you escape the &
yourself, Indy then escapes the "%". I had to change Indy.
The following change seems to fix it (Indy 9.0.14):
class function TIdURI.ParamsEncode(const ASrc: string): string;
// UnsafeChars = ['*', '#', '%', '<', '>', ' ','[',']']; // current
UnsafeChars = ['*', '#', '%', '<', '>', ' ','[',']', '&']; // new