(UTC)
Change Template: 
Choose Language:
YaBB Development & ModsGeneral CategoryGeneral Board › ; gets url encoded with some clients, + doesn't Bottom
Previous Topic | Next Topic
Page Index Toggle Pages: 1 [2]  ReplyAdd Poll Send Topic
Hot Topic (More than 10 Replies) ; gets url encoded with some clients, + doesn't (Read 17010 times)
 
Paste Member Name in Quick Reply Box Monni
Language
***
Offline


Min izāmō

Posts: 413
Location: Kaarina, Finland
Joined: Jul 16th, 2014
Gender: Male
Mood: Frustrated
Zodiac sign: Pisces
Re: ; gets url encoded with some clients, + doesn't
Reply #8 - Sep 18th, 2014 at 10:40am
Mark & QuoteQuote  
Dandello wrote on Sep 18th, 2014 at 5:37am:
Well, I see that my browser decodes them the same...  Grin


My browser had no problems with decoding, but it seems Apache has troubles accepting ";" in URL, even if it is URL encoded... It just says "=" can't be there without "&"... So both ";" and "=" get URL encoded inside Apache even though ";" is already URL encoded by the browser.
  
Back to top
GTalk Skype/VoIP Facebook Twitter YouTube ICQ  
IP Logged
 
Paste Member Name in Quick Reply Box Dandello
Forum Administrator
YaBB Modder
*****
Offline


I love YaBB 2.7!

Posts: 2271
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Mood: Annoyed
Zodiac sign: Virgo
Re: ; gets url encoded with some clients, + doesn't
Reply #7 - Sep 18th, 2014 at 5:37am
Mark & QuoteQuote  
Well, I see that my browser decodes them the same...  Grin
  
Perfection is not possible. Excellence, however, is excellent.
Back to top
WWW  
IP Logged
 
Paste Member Name in Quick Reply Box Monni
Language
***
Offline


Min izāmō

Posts: 413
Location: Kaarina, Finland
Joined: Jul 16th, 2014
Gender: Male
Mood: Frustrated
Zodiac sign: Pisces
Re: ; gets url encoded with some clients, + doesn't
Reply #6 - Sep 18th, 2014 at 3:33am
Mark & QuoteQuote  
Dandello wrote on Sep 17th, 2014 at 9:38pm:
So you're saying YaBB sees ';' and tosses an error but doesn't on ';' - if it's in conjunction with 'start=all'? Or some clients are encoding the semi-colon to ';' and some aren't.


As semicolon is reserved character, all clients should URL encode it... It seems some encoder implementations encode using lowercase letters, some encode using uppercase letters. The problem is that for some reason the lowercase versions don't always get decoded in Perl code... Where the "start=all" comes from, I suspect it has to do with old links that were "cached" or bookmarked about 7 years ago when the forum was using older version of YaBB.
  
Back to top
GTalk Skype/VoIP Facebook Twitter YouTube ICQ  
IP Logged
 
Paste Member Name in Quick Reply Box Dandello
Forum Administrator
YaBB Modder
*****
Offline


I love YaBB 2.7!

Posts: 2271
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Mood: Annoyed
Zodiac sign: Virgo
Re: ; gets url encoded with some clients, + doesn't
Reply #5 - Sep 17th, 2014 at 9:38pm
Mark & QuoteQuote  
So you're saying YaBB sees '%3b' and tosses an error but doesn't on '%3B' - if it's in conjunction with 'start=all'? Or some clients are encoding the semi-colon to '%3b' and some aren't.
  
Perfection is not possible. Excellence, however, is excellent.
Back to top
WWW  
IP Logged
 
Paste Member Name in Quick Reply Box Monni
Language
***
Offline


Min izāmō

Posts: 413
Location: Kaarina, Finland
Joined: Jul 16th, 2014
Gender: Male
Mood: Frustrated
Zodiac sign: Pisces
Re: ; gets url encoded with some clients, + doesn't
Reply #4 - Sep 17th, 2014 at 8:53pm
Mark & QuoteQuote  
Dandello wrote on Sep 17th, 2014 at 6:15pm:
'start=all' should only appear in conjunction with 'board='. So a 'num=' in conjunction with a 'start=all' was entered from the address bar.


It really doesn't make sense as the same URL pattern comes from different IP subnets, but not all cause the error message, only if the "b" in the URL encoded query string is lowercase.
  
Back to top
GTalk Skype/VoIP Facebook Twitter YouTube ICQ  
IP Logged
 
Paste Member Name in Quick Reply Box Dandello
Forum Administrator
YaBB Modder
*****
Offline


I love YaBB 2.7!

Posts: 2271
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Mood: Annoyed
Zodiac sign: Virgo
Re: ; gets url encoded with some clients, + doesn't
Reply #3 - Sep 17th, 2014 at 6:15pm
Mark & QuoteQuote  
'start=all' should only appear in conjunction with 'board='. So a 'num=' in conjunction with a 'start=all' was entered from the address bar.
  
Perfection is not possible. Excellence, however, is excellent.
Back to top
WWW  
IP Logged
 
Paste Member Name in Quick Reply Box Monni
Language
***
Offline


Min izāmō

Posts: 413
Location: Kaarina, Finland
Joined: Jul 16th, 2014
Gender: Male
Mood: Frustrated
Zodiac sign: Pisces
Re: ; gets url encoded with some clients, + doesn't
Reply #2 - Sep 17th, 2014 at 5:43pm
Mark & QuoteQuote  
The last time I saw %3b in a URL was when it was followed by "start=all"... I'm pretty sure YaBB used to allow "+" in uploaded file names in previous versions.
  
Back to top
GTalk Skype/VoIP Facebook Twitter YouTube ICQ  
IP Logged
 
Paste Member Name in Quick Reply Box Dandello
Forum Administrator
YaBB Modder
*****
Offline


I love YaBB 2.7!

Posts: 2271
Location: The Land of YaBB
Joined: Feb 12th, 2014
Gender: Female
Mood: Annoyed
Zodiac sign: Virgo
Re: ; gets url encoded with some clients, + doesn't
Reply #1 - Sep 17th, 2014 at 5:39pm
Mark & QuoteQuote  
I'm going to call it a security feature (at least that attachment one as I'm pretty sure - not 100% sure -  YaBB doesn't allow '+' in uploaded file names).

Also, the only time I see %3b in the error log here is when someone has inserted a url into a query string.

Of course, we have no way of knowing what client was being used to do this but if it were a major issue or one that breaks the url, someone would have complained to YaBBForum about their users not being able to read messages.
  
Perfection is not possible. Excellence, however, is excellent.
Back to top
WWW  
IP Logged
 
Paste Member Name in Quick Reply Box Monni
Language
***
Offline


Min izāmō

Posts: 413
Location: Kaarina, Finland
Joined: Jul 16th, 2014
Gender: Male
Mood: Frustrated
Zodiac sign: Pisces
; gets url encoded with some clients, + doesn't
Sep 17th, 2014 at 4:51pm
Mark & QuoteQuote  
In the error log I see messages that, in Security.pm, YaBB can't parse thread id, which is obviously url encoded as it contains %3b, which is semicolon.

Reverse happens with attachment names that contain '+', which doesn't get url encoded in the client, even though it should and instead gets converted as " " (space).

Dunno if this is bug or security feature, so posting here...
  
Back to top
GTalk Skype/VoIP Facebook Twitter YouTube ICQ  
IP Logged
 
Page Index Toggle Pages: 1 [2] 
ReplyAdd Poll Send Topic
Previous Topic | Next Topic
Bookmarks: del.icio.us Digg Facebook Google LinkedIn reddit Twitter Yahoo
; gets url encoded with some clients, + doesn't

Please type the characters exactly as they appear in the image,
without the first 2 and last 2 characters.
The characters must be typed in the same order,
and they are case-sensitive.
Open Preview Preview

You can resize the textbox by dragging the right or bottom border.
Off Topic Comment Insert Spoiler
Insert Hyperlink Insert FTP Link Insert Image Insert E-mail Insert Media Insert Table Insert Table Row Insert Table Column Insert Horizontal Rule Insert Teletype Insert Code Insert Quote Edited Superscript Subscript Insert List /me - my name Insert Marquee Insert Timestamp No Parse
Bold Italicized Underline Insert Strikethrough Highlight
                       
Change Text Color
Insert Preformatted Text Left Align Centered Right Align
resize_wb
resize_hb







Max 5000 characters. Remaining characters:
Text size: %
More Smilies
View All Smilies
Collapse additional features Collapse/Expand additional features Smiley Wink Cheesy Grin Angry Sad Shocked Cool Huh Roll Eyes Tongue Embarrassed Lips Sealed Undecided Kiss Cry
 

YaBB Development & Mods » Powered by YaBB 2.7.00!
YaBB Forum Software © 2000-2026. All Rights Reserved.

Valid RSS HTML 5 Valid CSS Powered by Perl Source Forge

Page completed in 0.7072 seconds.