Zend_Uri_Http - square brackets in query string

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Zend_Uri_Http - square brackets in query string

Jesse McCarthy
I was looking into the behavior of http_build_query() with respect to square
brackets ("[", "]") in the query string and I came across this thread:

http://zend-framework-community.634137.n4.nabble.com/Accepting-square-brackets-in-Zend-Uri-Http-td675578.html#none

From the first post:

On May 01, 2007; 01:12 PM, Shahar Evron wrote:
> Apache, PHP and Firefox all allow you to use unescaped '[]' in requests.
> This conforms to RFC 3986 (http://www.ietf.org/rfc/rfc3986.txt )

I'm failing to see how that conforms to RFC 3986:

query         = *( pchar / "/" / "?" )

pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"

unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"

pct-encoded   = "%" HEXDIG HEXDIG

sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"


My reading of the RFC is that square brackets are not included in the
'query' rule.  That was also suggested on Jun 02, 2007 in a reply to the
post above, but no reply was made to that.

I think it's unfortunate if square brackets can't be included un-encoded in
the query string according to the relevant spec, e.g. RFC 3986.  If the
decision is made to deviate from the spec, that is what it is, but it seems
like this decision may have been made with an inaccurate understanding of
what the spec says.  Or have I misunderstood something?

For what it's worth, http_build_query() encodes square brackets, and
parse_str() produces the same result with either encoded or unencoded square
brackets.  See http://bugs.php.net/bug.php?id=36656