Posted by rh on 02/05/07 06:15

"Jon Maz" <pparker.removethis@gmx.removethistoo.net> wrote in message
news:eq5kcj$9q9$1@aioe.org...
> Hi,
>
> I'm having problems with a RewriteRule that's applied to url's with the %
> character in them, hope someone can help. The % character is a result of
> url-encoding non-ASCII words, as in the example below:
>
> 1. the word "s�curit�" comes out of my db
>
> 2. I construct the following link, using the php urlencode function:
> <a href="/search/s%C3%A9curit%C3%A9">s�curit�</a>

How do you get s%C3%A9curit%C3%A9 from s�curit�

s�curit�, url encoded, is s%E9curit%E9

s%C3%A9curit%C3%A9 decoded is sécurité as is correctly reported in your rewrite log.

>
> 3. the url created should be interpreted by a RewriteRule:
> RewriteRule ^search/([a-zA-Z0-9-+%]+)$ /pages/search.php?word=$1 [QSA,L]

a hyphen in a character class specifies a range unless it's the first or last character in
the class

what range are you looking for with 9-+

>
> However the RewriteRule doesn't match on my url, and I see this in the
> RewriteLog:
>
> init rewrite engine with requested uri /search/sécurité

The rewrite rule works correctly, the uri contains � and �. The regex doesn't allow for
these.

>
> So it seems like some kind of decoding is going on so that the RewriteRule
> never even sees the % character. I have set everything I can think of
> (MySql SET NAMES, Apache AddDefaultCharset) to utf-8.
>

The uri is decoded before the server tries to resolve it, why would it not?

Why are you trying to do the heavy lifting with mod rewrite? just pass the search term to
the script and validate it there, you should validate all user input in your scripts.

RewriteRule ^search/(.+)$ /pages/search.php?word=$1 [QSA,L]


Rich

[Back to original message]