473,320 Members | 1,535 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

My problem with Server.URLEncode as used here

http://support.microsoft.com/default...b;en-us;301464

Look down at the MyPage.asp example. You will see that Microsoft does this:

'Costruct the URL for the current page
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
If Request.QueryString.Count > 0 Then
s = s & "?" & Request.QueryString
End If
'Redirect unauthorised users to the logon page
Response.Redirect "Logon.asp?from=" & Server.URLEncode(s)

This code has problems. If the URL contains a parameter which is an image like blondie.jpg then what is sent to the Logon page is NOT the URL that ostensibly was sent to the logon page. Not only does it look different obviously but it IS different.

If the URL accessed (mypage.asp) is like this:

http://www.mydomain.com/more.asp?image=blondie.jpg

Then what is sent to the logon page looks like this:

http://www.mydomain.com/logon.asp?fr...londie%252Ejpg

This is because the Request.ServerVariables("URL") does a little bit of encoding It encodes . to %2E and therefore when we pass this into Server.URLEncode it strips out the % and puts it as %25 and leaves the 2E alone. This then causes an error in JavaScript. Weirdly the image will still display. I don't know why but it does. If you access the image parameter in a <IMG src="<%=Request.QueryString("image")%>" ....

This is not good. Is there something like Request.ServerVariables("URL") that leaves any and all characters alone in the URL so that Server.URLEncode has something to work on that has not been contaminated; so that I don't have to workaround this issue. Or can someone tell me ALL the characters that Server.Variables("URL") will escode so that I can fix this? Thanks.

--
George Hester
_________________________________

Jul 22 '05 #1
3 5120
On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
<he********@hotmail.com> wrote:
This code has problems. If the URL contains a parameter
which is an image like blondie.jpg then what is sent to the
Logon page is NOT the URL that ostensibly was sent to the
logon page. Not only does it look different obviously but
it IS different.

If the URL accessed (mypage.asp) is like this:

http://www.mydomain.com/more.asp?image=blondie.jpg

Then what is sent to the logon page looks like this:

http://www.mydomain.com/logon.asp?fr...londie%252Ejpg

This is because the Request.ServerVariables("URL") does a
little bit of encoding It encodes . to %2E and therefore when
we pass this into Server.URLEncode it strips out the % and puts
it as %25 and leaves the 2E alone. This then causes an error in
JavaScript.


OK, so simply unencode the URL before encoding it again. If your
script can't cope with encoded URLs it's going to break anyway
someday...

I'm not saying this is the best way to do it, but off the top of my
head:

const Hexconvert = "0123456789ABCDEF"

function firsttwoHextoAscii(strHex)
dim dec
firsttwoHextoAscii = ""
if len(strHex)>1 then
dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
instr(1,Hexconvert,mid(strHex,2,1),1) - 17
if dec>0 and dec<256 then
firsttwoHextoAscii = chr(dec)
end if
end if
end function

function URLunencode(strEncoded)
dim unencoded,part
if isnull(strEncoded) or strEncoded="" then
URLunencode = ""
else
unencoded = split(replace(strEncoded,"+"," "),"%")
for part = 1 to ubound(unencoded)
unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
mid(unencoded(part),3)
next
URLunencode = join(unencoded,"")
end if
end function

Jul 22 '05 #2
Thanks MikeT. I think I can integrate this in. Lot of work it seems to me to avoid this Request.ServerVariables("URL") and Server.URLEncode combination usage issue. I had put some work into getting images that had + in the name in fact any character that could safely be used in naming files in Windows Explorer.to work. I had it good. Then I noticed this issue came up. I ran into it before in little different way but I was able to work around what VBScript and ASP was doing. But this one I think you have helped better than I had. But I am back to the above issue. If the file is named say

blon %2E+.jpg

Then we are going to catch that in our\(your) function and kill the name of the file. I did have this working and without Replace. Looks like I am back to the drawing board. If only Request.ServerVariables("URL") did NOT encoding at all I'd be a happy camper. The trouble is when we make a programming language with statements\functions that do more, than one thing well, we end up with issues such as this. Request.ServerVariables("URL) should do NOTHING to the URL and leave it up to Server.URLEncode to take care of encoding issues. IMHO.

--
George Hester
_________________________________
"MikeT" <ne**@chthonic.f9.co.uk> wrote in message news:6s********************************@4ax.com...
On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
<he********@hotmail.com> wrote:
This code has problems. If the URL contains a parameter
which is an image like blondie.jpg then what is sent to the
Logon page is NOT the URL that ostensibly was sent to the
logon page. Not only does it look different obviously but
it IS different.

If the URL accessed (mypage.asp) is like this:

http://www.mydomain.com/more.asp?image=blondie.jpg

Then what is sent to the logon page looks like this:

http://www.mydomain.com/logon.asp?fr...londie%252Ejpg

This is because the Request.ServerVariables("URL") does a
little bit of encoding It encodes . to %2E and therefore when
we pass this into Server.URLEncode it strips out the % and puts
it as %25 and leaves the 2E alone. This then causes an error in
JavaScript.


OK, so simply unencode the URL before encoding it again. If your
script can't cope with encoded URLs it's going to break anyway
someday...

I'm not saying this is the best way to do it, but off the top of my
head:

const Hexconvert = "0123456789ABCDEF"

function firsttwoHextoAscii(strHex)
dim dec
firsttwoHextoAscii = ""
if len(strHex)>1 then
dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
instr(1,Hexconvert,mid(strHex,2,1),1) - 17
if dec>0 and dec<256 then
firsttwoHextoAscii = chr(dec)
end if
end if
end function

function URLunencode(strEncoded)
dim unencoded,part
if isnull(strEncoded) or strEncoded="" then
URLunencode = ""
else
unencoded = split(replace(strEncoded,"+"," "),"%")
for part = 1 to ubound(unencoded)
unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
mid(unencoded(part),3)
next
URLunencode = join(unencoded,"")
end if
end function


Jul 22 '05 #3
Hi again MikeT. I didn't put your construction in the right place when I first tried to use it. What I was doing was encoding as that example showed. But then I used the same method again. It was in the second use of it that Server.URLEncode was acting on something that already was encoded. I tried just removing the second encoding but I lost all my QueryStrings. Anyway I put your VBScript unencode in and it performed admirably. I just want to thank you again for a very nice piece of code.

--
George Hester
_________________________________
"MikeT" <ne**@chthonic.f9.co.uk> wrote in message news:6s********************************@4ax.com...
On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
<he********@hotmail.com> wrote:
This code has problems. If the URL contains a parameter
which is an image like blondie.jpg then what is sent to the
Logon page is NOT the URL that ostensibly was sent to the
logon page. Not only does it look different obviously but
it IS different.

If the URL accessed (mypage.asp) is like this:

http://www.mydomain.com/more.asp?image=blondie.jpg

Then what is sent to the logon page looks like this:

http://www.mydomain.com/logon.asp?fr...londie%252Ejpg

This is because the Request.ServerVariables("URL") does a
little bit of encoding It encodes . to %2E and therefore when
we pass this into Server.URLEncode it strips out the % and puts
it as %25 and leaves the 2E alone. This then causes an error in
JavaScript.


OK, so simply unencode the URL before encoding it again. If your
script can't cope with encoded URLs it's going to break anyway
someday...

I'm not saying this is the best way to do it, but off the top of my
head:

const Hexconvert = "0123456789ABCDEF"

function firsttwoHextoAscii(strHex)
dim dec
firsttwoHextoAscii = ""
if len(strHex)>1 then
dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
instr(1,Hexconvert,mid(strHex,2,1),1) - 17
if dec>0 and dec<256 then
firsttwoHextoAscii = chr(dec)
end if
end if
end function

function URLunencode(strEncoded)
dim unencoded,part
if isnull(strEncoded) or strEncoded="" then
URLunencode = ""
else
unencoded = split(replace(strEncoded,"+"," "),"%")
for part = 1 to ubound(unencoded)
unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
mid(unencoded(part),3)
next
URLunencode = join(unencoded,"")
end if
end function


Jul 22 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: |-|erc | last post by:
<?php // Get the names and values for vars sent by index.lib.php3 if (isset($HTTP_GET_VARS)) { while(list($name,$value) = each($HTTP_GET_VARS)) { $$name = $value; }; };
5
by: Dave Smithz | last post by:
Hi There, I have a PHP script that sends an email with attachment and works great when provided the path to the file to send. However this file needs to be on the same server as the script. ...
7
by: -D- | last post by:
I have some code that I'm trying to add a CSS pseudoclass style for formatting purposes. Here is a snippet of the code I'm trying to add the pseudoclass to: Dim tmpHTML tmpHTML="" tmpHTML =...
0
by: debk | last post by:
Server.UrlEncode is not longer converting the ampersand in a string to %26 so the value passed in the querystring gets truncated in the following page. Is this a problem with IIS, does anyone know?...
7
by: Tom Petersen | last post by:
I must have the format of the below line wrong for IE: click <a href="cal.asp?sdate=<% =strDate1 %>&location=<% =strLocation %>&eTime=<% =strDate2 %>">here</a> to add this information to your...
4
by: Andreas Klemt | last post by:
Hello, is there a difference between System.Web.HttpUtility.UrlEncode and Server.UrlEncode ?
1
by: mister-Ed | last post by:
I am displaying subcategories in my datalist, and now I have a bizarre thing happen when I add a new subcategory record in my sql database, the new subcategory link does not click into the next...
0
by: Shaikh shahnawaz | last post by:
Hi, I have implement multiple file uploading progress bar with the help of flash and .net file is upload on my local machine but not working with server it's give error while uploading image on...
3
by: aRTx | last post by:
I have try a couple of time but does not work for me My files everytime are sortet by NAME. I want to Sort my files by Date-desc. Can anyone help me to do it? The Script <? /* ORIGJINALI
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.