http://support.microsoft.com/default...b;en-us;301464
Look down at the MyPage.asp example. You will see that Microsoft does this:
'Costruct the URL for the current page
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
If Request.QueryString.Count > 0 Then
s = s & "?" & Request.QueryString
End If
'Redirect unauthorised users to the logon page
Response.Redirect "Logon.asp?from=" & Server.URLEncode(s)
This code has problems. If the URL contains a parameter which is an image like blondie.jpg then what is sent to the Logon page is NOT the URL that ostensibly was sent to the logon page. Not only does it look different obviously but it IS different.
If the URL accessed (mypage.asp) is like this:
http://www.mydomain.com/more.asp?image=blondie.jpg
Then what is sent to the logon page looks like this:
http://www.mydomain.com/logon.asp?fr...londie%252Ejpg
This is because the Request.ServerVariables("URL") does a little bit of encoding It encodes . to %2E and therefore when we pass this into Server.URLEncode it strips out the % and puts it as %25 and leaves the 2E alone. This then causes an error in JavaScript. Weirdly the image will still display. I don't know why but it does. If you access the image parameter in a <IMG src="<%=Request.QueryString("image")%>" ....
This is not good. Is there something like Request.ServerVariables("URL") that leaves any and all characters alone in the URL so that Server.URLEncode has something to work on that has not been contaminated; so that I don't have to workaround this issue. Or can someone tell me ALL the characters that Server.Variables("URL") will escode so that I can fix this? Thanks.
--
George Hester
_________________________________