Re: Should '&' char be included in UnsafeChars in TIdURI.ParamsEncode

Giganews Newsgroups
Subject: Re: Should '&' char be included in UnsafeChars in TIdURI.ParamsEncode
Posted by:  Kevin Davidson (kev…@qsinc.com)
Date: Tue, 22 Feb 2005

Yes! This is a major bug in both Indy 9 and Indy 10 (10.0.52).

Since the "&" is the parameter separator, failing to escape it will
cause the server to mis-parse the message every time. The same problem
exists with the "+" character, which also has special meaning for
parameters.

I spent a lot of time and suffered considerable embarrassment when my
Indy code failed miserably because of this problem.

I think it's only an issue in TIdURI.ParamsEncode, though.

The code should read:

class function TIdURI.ParamsEncode(const ASrc: string): string;
var
  i: Integer;
const
  // KD add & and + to the Unsafe Characters
  UnsafeChars = ['*', '#', '%', '<', '>', ' ','[',']', '&', '+'];  {do
not localize}
...

Kevin Davidson

loki wrote:
> Should '&' char be included in UnsafeChars in TIdURI.ParamsEncode and
> TIdURI.PathEncode?
>
> I say that because if i have a TstringList like :
>
>  Lst.add('Field1=gnagna&bla=bla');
>  Lst.add('Field2=hoho&haha');
>
> then HTTP.Post(myUrl, LST, MyReponseStream) will be badly translated by the
> server :((
>
> The server will receive that :
> Field1=gnagna&bla=bla&Field2=hoho&haha
>
> And translate it in AMRequest like
>
> Field1=gnagna
> bla=bla
> Field2=hoho
> haha
>
> Thank you by advance
> stéphane

Replies

None

In response to

Should '&' char be included in UnsafeChars in TIdURI.ParamsEncode posted by loki on Sun, 9 Jan 2005