API request: Regarding '&' and '='

[l0rdphi1]

The ampersand and equals-sign are special characters. For obvious reasons, in the context of URL-formatted keys and values, they cannot exist (well, actually, they can exist to some extent, but PHP's parse_str function hasn't realized that yet).

For future versions of DA, can '&' and '=' be escaped in some form or another? A simple ' %26' for '&' and '%3D' for '=' should be fine.

Thanks

 

[DirectAdmin Support]

Which for.. DA results, or the values you pass in?
And if it's for a DA result, let me know which command, because most of them should already be escaped.

John

 

[FarCry]

Its for results, though i havent seen this myself. Is all user input'ed data escaped?

 

[DirectAdmin Support]

The user input would be up to the browser. DA will find all the %## characters (and the space '+' character) and convert them to their proper form. If the browser passes a pile of unencoded & characters, DA has to assume that they are value separators. (It's the responsibility of the sender to encode text).

And if DA ever shows & or = in the result that's outputted (which isn't a value separator) let me know so I can have a look where/why it's happening.

John

 

[l0rdphi1]

I'll have to dig it up again, but if I remember correctly, I was getting a few in the create account error string. I'll find them.