使用Apache更正URL中的%转义

时间:2022-04-17 20:15:28

I have a Django project where I have a search page which takes input through a POST and redirect to /search/<search string>/ and this page renders the result. The percentage sign (%) is used as a wildcard in the search (tes%er returns testuser, tester, etc and the url looks like this then: example.com/search/tes%25er/) and everything works fine with the Django development server. If I manually write tes%er in the url it changes to tes%25er automatically.

我有一个Django项目,我有一个搜索页面,它通过POST接收输入并重定向到/ search / <搜索字符串> /这个页面呈现结果。百分号(%)在搜索中用作通配符(tes%er返回testuser,tester等,然后url看起来像这样:example.com/search/tes%25er/)并且Django的一切正常开发服务器。如果我在url中手动编写tes%er,它会自动更改为tes%25er。

Now I'm deploying on an Apache server with mod_wsgi and when my search page redirects to example.com/search/tes%er/ I get the server error: Bad Request. Your browser sent a request that this server could not understand.. If I manually add '25' to the url, like the encoded % sign so it looks like the development server it works fine.

现在我正在使用mod_wsgi在Apache服务器上部署,当我的搜索页面重定向到example.com/search/tes%er/时,我收到服务器错误:错误请求。您的浏览器发送了此服务器无法理解的请求。如果我手动将“25”添加到网址,就像编码的%符号一样,它看起来像开发服务器,它工作正常。

Is there a way for Apache to automatically escape the %-sign and create a url that works, understand % unescaped or do I need to do ugly hacks in my search page that builds the url? (I'd rather not do ugly hacks like this cause then the users can't manually add % to the url and get it to work).

有没有办法让Apache自动转义%-sign并创建一个有效的网址,了解%未转义或我是否需要在构建网址的搜索页面中做丑陋的黑客攻击? (我宁愿不做像这样丑陋的黑客,因此用户无法手动将%添加到网址并使其工作)。

Edit: The code that sends the query from the search page to the search url.

编辑:将搜索从搜索页面发送到搜索网址的代码。

if form.is_valid():
    if 'search_user' in request.POST:
        q = request.POST['search_user']
        return redirect('/search/'+q)

1 个解决方案

#1


1  

As Ignacio already suggested, you should not redirect to an invalid url. So to answer your question:

正如Ignacio已经建议的那样,您不应该重定向到无效的网址。所以回答你的问题:

you can (or perhaps its better to say 'should') not ask your Apache server to escape your url. The reason you escape your URL is because some characters have another meaning. For example, take a querystring:

你可以(或者更好地说'应该')不要求你的Apache服务器逃脱你的网址。您转义URL的原因是因为某些字符具有其他含义。例如,采用查询字符串:

somedomain.com/?key=value

If we would want to use a ? or a = in your value you would have a problem because your server would think that you are using operators of your querystring.

如果我们想要使用?或者a =在您的值中,您会遇到问题,因为您的服务器会认为您正在使用查询字符串的运算符。

The same for the %-symbol. When your apache server sees a %-symbol he thinks he will find an enconded and will try to decode it. If your querystring is %20, apache will translate this to a space, while you meant "wildcard20".

%-symbol也一样。当您的apache服务器看到%-symbol时,他认为他会找到一个借用并尝试解码它。如果您的查询字符串是%20,则apache会将其转换为空格,而您的意思是“wildcard20”。

In summary: apache decodes your string, so you dont want him to encode it.

总结:apache解码你的字符串,所以你不希望他编码它。

But this does not solve your problem. You can solve your problem by changing your code into the following:

但这并不能解决你的问题。您可以通过将代码更改为以下内容来解决您的问题:

from urllib import urlencode
if form.is_valid():
    if 'search_user' in request.POST:
        q = request.POST['search_user']
        return redirect('/search/?q='+urlencode(q))

In case you wonder: what if my user would type /search/?q=%; in that case he'ld have a problem for he has typed an invalid address.

万一你想知道:如果我的用户输入/搜索/?q =%;在这种情况下,他有一个问题,因为他输入了一个无效的地址。

Hope this helps :-).

希望这可以帮助 :-)。

Wout

#1


1  

As Ignacio already suggested, you should not redirect to an invalid url. So to answer your question:

正如Ignacio已经建议的那样,您不应该重定向到无效的网址。所以回答你的问题:

you can (or perhaps its better to say 'should') not ask your Apache server to escape your url. The reason you escape your URL is because some characters have another meaning. For example, take a querystring:

你可以(或者更好地说'应该')不要求你的Apache服务器逃脱你的网址。您转义URL的原因是因为某些字符具有其他含义。例如,采用查询字符串:

somedomain.com/?key=value

If we would want to use a ? or a = in your value you would have a problem because your server would think that you are using operators of your querystring.

如果我们想要使用?或者a =在您的值中,您会遇到问题,因为您的服务器会认为您正在使用查询字符串的运算符。

The same for the %-symbol. When your apache server sees a %-symbol he thinks he will find an enconded and will try to decode it. If your querystring is %20, apache will translate this to a space, while you meant "wildcard20".

%-symbol也一样。当您的apache服务器看到%-symbol时,他认为他会找到一个借用并尝试解码它。如果您的查询字符串是%20,则apache会将其转换为空格,而您的意思是“wildcard20”。

In summary: apache decodes your string, so you dont want him to encode it.

总结:apache解码你的字符串,所以你不希望他编码它。

But this does not solve your problem. You can solve your problem by changing your code into the following:

但这并不能解决你的问题。您可以通过将代码更改为以下内容来解决您的问题:

from urllib import urlencode
if form.is_valid():
    if 'search_user' in request.POST:
        q = request.POST['search_user']
        return redirect('/search/?q='+urlencode(q))

In case you wonder: what if my user would type /search/?q=%; in that case he'ld have a problem for he has typed an invalid address.

万一你想知道:如果我的用户输入/搜索/?q =%;在这种情况下,他有一个问题,因为他输入了一个无效的地址。

Hope this helps :-).

希望这可以帮助 :-)。

Wout

相关文章