From: [EMAIL PROTECTED]
Operating system: Unix based
PHP version: 4.1.0
PHP Bug Type: HTTP related
Bug description: include() does not decode % correctly
When include() is called with the following syntax:
include("http://username:[EMAIL PROTECTED]/";);
It is the duty of the include call to tokenize the username and password,
and to urldecode each of them. Why? Because things would break if a
username contained 'www.example.com/?var=' or say a password contained an
@. So, it is the duty of the caller to urlencode these tokens, and the
duty of include (or a sub function) to unencode it after parsing.
However, it has been observed in PHP 4.1.x that '%' characters (or their
equivalent '%25') are not decoded properly. Prior use of this feature
leads us to believe the 4.0.x series of PHP does not have this problem.
We run websites with hundreds of users. We would appreciate a quick
response, because we would rather not force all users with '%'s in their
passwords to change them. Thank you.
--
Edit bug report at http://bugs.php.net/?id=16337&edit=1
--
Fixed in CVS: http://bugs.php.net/fix.php?id=16337&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=16337&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=16337&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=16337&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=16337&r=support
Expected behavior: http://bugs.php.net/fix.php?id=16337&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=16337&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=16337&r=submittedtwice
