My problem with Server.URLEncode as used here

Discussion in 'ASP General' started by George Hester, Nov 19, 2004.

  1. http://support.microsoft.com/default.aspx?scid=kb;en-us;301464

    Look down at the MyPage.asp example. You will see that Microsoft does this:

    'Costruct the URL for the current page
    s = "http://"
    s = s & Request.ServerVariables("HTTP_HOST")
    s = s & Request.ServerVariables("URL")
    If Request.QueryString.Count > 0 Then
    s = s & "?" & Request.QueryString
    End If
    'Redirect unauthorised users to the logon page
    Response.Redirect "Logon.asp?from=" & Server.URLEncode(s)

    This code has problems. If the URL contains a parameter which is an image like blondie.jpg then what is sent to the Logon page is NOT the URL that ostensibly was sent to the logon page. Not only does it look different obviously but it IS different.

    If the URL accessed (mypage.asp) is like this:

    http://www.mydomain.com/more.asp?image=blondie.jpg

    Then what is sent to the logon page looks like this:

    http://www.mydomain.com/logon.asp?from=http://www.mydomain.com/more.asp?image=blondie%2Ejpg

    This is because the Request.ServerVariables("URL") does a little bit of encoding It encodes . to %2E and therefore when we pass this into Server.URLEncode it strips out the % and puts it as %25 and leaves the 2E alone. This then causes an error in JavaScript. Weirdly the image will still display. I don't know why but it does. If you access the image parameter in a <IMG src="<%=Request.QueryString("image")%>" ....

    This is not good. Is there something like Request.ServerVariables("URL") that leaves any and all characters alone in the URL so that Server.URLEncode has something to work on that has not been contaminated; so that I don't have to workaround this issue. Or can someone tell me ALL the characters that Server.Variables("URL") will escode so that I can fix this? Thanks.

    --
    George Hester
    _________________________________
     
    George Hester, Nov 19, 2004
    #1
    1. Advertising

  2. George Hester

    MikeT Guest

    On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
    <> wrote:
    >This code has problems. If the URL contains a parameter
    >which is an image like blondie.jpg then what is sent to the
    >Logon page is NOT the URL that ostensibly was sent to the
    >logon page. Not only does it look different obviously but
    >it IS different.
    >
    >If the URL accessed (mypage.asp) is like this:
    >
    >http://www.mydomain.com/more.asp?image=blondie.jpg
    >
    >Then what is sent to the logon page looks like this:
    >
    >http://www.mydomain.com/logon.asp?from=http://www.mydomain.com/more.asp?image=blondie%2Ejpg
    >
    >This is because the Request.ServerVariables("URL") does a
    >little bit of encoding It encodes . to %2E and therefore when
    >we pass this into Server.URLEncode it strips out the % and puts
    >it as %25 and leaves the 2E alone. This then causes an error in
    >JavaScript.
    >


    OK, so simply unencode the URL before encoding it again. If your
    script can't cope with encoded URLs it's going to break anyway
    someday...

    I'm not saying this is the best way to do it, but off the top of my
    head:

    const Hexconvert = "0123456789ABCDEF"

    function firsttwoHextoAscii(strHex)
    dim dec
    firsttwoHextoAscii = ""
    if len(strHex)>1 then
    dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
    instr(1,Hexconvert,mid(strHex,2,1),1) - 17
    if dec>0 and dec<256 then
    firsttwoHextoAscii = chr(dec)
    end if
    end if
    end function

    function URLunencode(strEncoded)
    dim unencoded,part
    if isnull(strEncoded) or strEncoded="" then
    URLunencode = ""
    else
    unencoded = split(replace(strEncoded,"+"," "),"%")
    for part = 1 to ubound(unencoded)
    unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
    mid(unencoded(part),3)
    next
    URLunencode = join(unencoded,"")
    end if
    end function
     
    MikeT, Nov 19, 2004
    #2
    1. Advertising

  3. Thanks MikeT. I think I can integrate this in. Lot of work it seems to me to avoid this Request.ServerVariables("URL") and Server.URLEncode combination usage issue. I had put some work into getting images that had + in the name in fact any character that could safely be used in naming files in Windows Explorer.to work. I had it good. Then I noticed this issue came up. I ran into it before in little different way but I was able to work around what VBScript and ASP was doing. But this one I think you have helped better than I had. But I am back to the above issue. If the file is named say

    blon %2E+.jpg

    Then we are going to catch that in our\(your) function and kill the name of the file. I did have this working and without Replace. Looks like I am back to the drawing board. If only Request.ServerVariables("URL") did NOT encoding at all I'd be a happy camper. The trouble is when we make a programming language with statements\functions that do more, than one thing well, we end up with issues such as this. Request.ServerVariables("URL) should do NOTHING to the URL and leave it up to Server.URLEncode to take care of encoding issues. IMHO.

    --
    George Hester
    _________________________________
    "MikeT" <9.co.uk> wrote in message news:...
    > On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
    > <> wrote:
    > >This code has problems. If the URL contains a parameter
    > >which is an image like blondie.jpg then what is sent to the
    > >Logon page is NOT the URL that ostensibly was sent to the
    > >logon page. Not only does it look different obviously but
    > >it IS different.
    > >
    > >If the URL accessed (mypage.asp) is like this:
    > >
    > >http://www.mydomain.com/more.asp?image=blondie.jpg
    > >
    > >Then what is sent to the logon page looks like this:
    > >
    > >http://www.mydomain.com/logon.asp?from=http://www.mydomain.com/more.asp?image=blondie%2Ejpg
    > >
    > >This is because the Request.ServerVariables("URL") does a
    > >little bit of encoding It encodes . to %2E and therefore when
    > >we pass this into Server.URLEncode it strips out the % and puts
    > >it as %25 and leaves the 2E alone. This then causes an error in
    > >JavaScript.
    > >

    >
    > OK, so simply unencode the URL before encoding it again. If your
    > script can't cope with encoded URLs it's going to break anyway
    > someday...
    >
    > I'm not saying this is the best way to do it, but off the top of my
    > head:
    >
    > const Hexconvert = "0123456789ABCDEF"
    >
    > function firsttwoHextoAscii(strHex)
    > dim dec
    > firsttwoHextoAscii = ""
    > if len(strHex)>1 then
    > dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
    > instr(1,Hexconvert,mid(strHex,2,1),1) - 17
    > if dec>0 and dec<256 then
    > firsttwoHextoAscii = chr(dec)
    > end if
    > end if
    > end function
    >
    > function URLunencode(strEncoded)
    > dim unencoded,part
    > if isnull(strEncoded) or strEncoded="" then
    > URLunencode = ""
    > else
    > unencoded = split(replace(strEncoded,"+"," "),"%")
    > for part = 1 to ubound(unencoded)
    > unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
    > mid(unencoded(part),3)
    > next
    > URLunencode = join(unencoded,"")
    > end if
    > end function
    >
     
    George Hester, Nov 19, 2004
    #3
  4. Hi again MikeT. I didn't put your construction in the right place when I first tried to use it. What I was doing was encoding as that example showed. But then I used the same method again. It was in the second use of it that Server.URLEncode was acting on something that already was encoded. I tried just removing the second encoding but I lost all my QueryStrings. Anyway I put your VBScript unencode in and it performed admirably. I just want to thank you again for a very nice piece of code.

    --
    George Hester
    _________________________________
    "MikeT" <9.co.uk> wrote in message news:...
    > On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
    > <> wrote:
    > >This code has problems. If the URL contains a parameter
    > >which is an image like blondie.jpg then what is sent to the
    > >Logon page is NOT the URL that ostensibly was sent to the
    > >logon page. Not only does it look different obviously but
    > >it IS different.
    > >
    > >If the URL accessed (mypage.asp) is like this:
    > >
    > >http://www.mydomain.com/more.asp?image=blondie.jpg
    > >
    > >Then what is sent to the logon page looks like this:
    > >
    > >http://www.mydomain.com/logon.asp?from=http://www.mydomain.com/more.asp?image=blondie%2Ejpg
    > >
    > >This is because the Request.ServerVariables("URL") does a
    > >little bit of encoding It encodes . to %2E and therefore when
    > >we pass this into Server.URLEncode it strips out the % and puts
    > >it as %25 and leaves the 2E alone. This then causes an error in
    > >JavaScript.
    > >

    >
    > OK, so simply unencode the URL before encoding it again. If your
    > script can't cope with encoded URLs it's going to break anyway
    > someday...
    >
    > I'm not saying this is the best way to do it, but off the top of my
    > head:
    >
    > const Hexconvert = "0123456789ABCDEF"
    >
    > function firsttwoHextoAscii(strHex)
    > dim dec
    > firsttwoHextoAscii = ""
    > if len(strHex)>1 then
    > dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
    > instr(1,Hexconvert,mid(strHex,2,1),1) - 17
    > if dec>0 and dec<256 then
    > firsttwoHextoAscii = chr(dec)
    > end if
    > end if
    > end function
    >
    > function URLunencode(strEncoded)
    > dim unencoded,part
    > if isnull(strEncoded) or strEncoded="" then
    > URLunencode = ""
    > else
    > unencoded = split(replace(strEncoded,"+"," "),"%")
    > for part = 1 to ubound(unencoded)
    > unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
    > mid(unencoded(part),3)
    > next
    > URLunencode = join(unencoded,"")
    > end if
    > end function
    >
     
    George Hester, Nov 21, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andreas Klemt
    Replies:
    4
    Views:
    10,368
    mikeb
    Jan 22, 2004
  2. msn

    Server.UrlEncode error???

    msn, Feb 20, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    483
  3. Dario Sala
    Replies:
    1
    Views:
    3,863
    Karl Seguin
    Nov 15, 2004
  4. Hemant

    Problem with Server.UrlEncode

    Hemant, Sep 23, 2009, in forum: ASP .Net
    Replies:
    2
    Views:
    1,394
    Gregory A. Beamer
    Sep 23, 2009
  5. MyndPhlyp
    Replies:
    3
    Views:
    511
    MyndPhlyp
    Oct 3, 2005
Loading...

Share This Page