My problem with Server.URLEncode as used here

11-19-2004

http://support.microsoft.com/default...b;en-us;301464

Look down at the MyPage.asp example. You will see that Microsoft does this:

'Costruct the URL for the current page
s = "http://"
s = s & Request.ServerVariables("HTTP_HOST")
s = s & Request.ServerVariables("URL")
If Request.QueryString.Count > 0 Then
s = s & "?" & Request.QueryString
End If
'Redirect unauthorised users to the logon page
Response.Redirect "Logon.asp?from=" & Server.URLEncode(s)

This code has problems. If the URL contains a parameter which is an image like blondie.jpg then what is sent to the Logon page is NOT the URL that ostensibly was sent to the logon page. Not only does it look different obviously but it IS different.

If the URL accessed (mypage.asp) is like this:

http://www.mydomain.com/more.asp?image=blondie.jpg

Then what is sent to the logon page looks like this:

http://www.mydomain.com/logon.asp?fr...londie%252Ejpg

This is because the Request.ServerVariables("URL") does a little bit of encoding It encodes . to %2E and therefore when we pass this into Server.URLEncode it strips out the % and puts it as %25 and leaves the 2E alone. This then causes an error in JavaScript. Weirdly the image will still display. I don't know why but it does. If you access the image parameter in a <IMG src="<%=Request.QueryString("image")%>" ....

This is not good. Is there something like Request.ServerVariables("URL") that leaves any and all characters alone in the URL so that Server.URLEncode has something to work on that has not been contaminated; so that I don't have to workaround this issue. Or can someone tell me ALL the characters that Server.Variables("URL") will escode so that I can fix this? Thanks.

--
George Hester
_________________________________

11-19-2004

On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
<> wrote:
>This code has problems. If the URL contains a parameter
>which is an image like blondie.jpg then what is sent to the
>Logon page is NOT the URL that ostensibly was sent to the
>logon page. Not only does it look different obviously but
>it IS different.
>
>If the URL accessed (mypage.asp) is like this:
>
>http://www.mydomain.com/more.asp?image=blondie.jpg
>
>Then what is sent to the logon page looks like this:
>
>http://www.mydomain.com/logon.asp?fr...londie%252Ejpg
>
>This is because the Request.ServerVariables("URL") does a
>little bit of encoding It encodes . to %2E and therefore when
>we pass this into Server.URLEncode it strips out the % and puts
>it as %25 and leaves the 2E alone. This then causes an error in
>JavaScript.
>

OK, so simply unencode the URL before encoding it again. If your
script can't cope with encoded URLs it's going to break anyway
someday...

I'm not saying this is the best way to do it, but off the top of my
head:

const Hexconvert = "0123456789ABCDEF"

function firsttwoHextoAscii(strHex)
dim dec
firsttwoHextoAscii = ""
if len(strHex)>1 then
dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
instr(1,Hexconvert,mid(strHex,2,1),1) - 17
if dec>0 and dec<256 then
firsttwoHextoAscii = chr(dec)
end if
end if
end function

function URLunencode(strEncoded)
dim unencoded,part
if isnull(strEncoded) or strEncoded="" then
URLunencode = ""
else
unencoded = split(replace(strEncoded,"+"," "),"%")
for part = 1 to ubound(unencoded)
unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
mid(unencoded(part),3)
next
URLunencode = join(unencoded,"")
end if
end function

11-19-2004

Thanks MikeT. I think I can integrate this in. Lot of work it seems to me to avoid this Request.ServerVariables("URL") and Server.URLEncode combination usage issue. I had put some work into getting images that had + in the name in fact any character that could safely be used in naming files in Windows Explorer.to work. I had it good. Then I noticed this issue came up. I ran into it before in little different way but I was able to work around what VBScript and ASP was doing. But this one I think you have helped better than I had. But I am back to the above issue. If the file is named say

blon %2E+.jpg

Then we are going to catch that in our\(your) function and kill the name of the file. I did have this working and without Replace. Looks like I am back to the drawing board. If only Request.ServerVariables("URL") did NOT encoding at all I'd be a happy camper. The trouble is when we make a programming language with statements\functions that do more, than one thing well, we end up with issues such as this. Request.ServerVariables("URL) should do NOTHING to the URL and leave it up to Server.URLEncode to take care of encoding issues. IMHO.

--
George Hester
_________________________________
"MikeT" <> wrote in message news:...
> On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
> <> wrote:
> >This code has problems. If the URL contains a parameter
> >which is an image like blondie.jpg then what is sent to the
> >Logon page is NOT the URL that ostensibly was sent to the
> >logon page. Not only does it look different obviously but
> >it IS different.
> >
> >If the URL accessed (mypage.asp) is like this:
> >
> >http://www.mydomain.com/more.asp?image=blondie.jpg
> >
> >Then what is sent to the logon page looks like this:
> >
> >http://www.mydomain.com/logon.asp?fr...londie%252Ejpg
> >
> >This is because the Request.ServerVariables("URL") does a
> >little bit of encoding It encodes . to %2E and therefore when
> >we pass this into Server.URLEncode it strips out the % and puts
> >it as %25 and leaves the 2E alone. This then causes an error in
> >JavaScript.
> >
>
> OK, so simply unencode the URL before encoding it again. If your
> script can't cope with encoded URLs it's going to break anyway
> someday...
>
> I'm not saying this is the best way to do it, but off the top of my
> head:
>
> const Hexconvert = "0123456789ABCDEF"
>
> function firsttwoHextoAscii(strHex)
> dim dec
> firsttwoHextoAscii = ""
> if len(strHex)>1 then
> dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
> instr(1,Hexconvert,mid(strHex,2,1),1) - 17
> if dec>0 and dec<256 then
> firsttwoHextoAscii = chr(dec)
> end if
> end if
> end function
>
> function URLunencode(strEncoded)
> dim unencoded,part
> if isnull(strEncoded) or strEncoded="" then
> URLunencode = ""
> else
> unencoded = split(replace(strEncoded,"+"," "),"%")
> for part = 1 to ubound(unencoded)
> unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
> mid(unencoded(part),3)
> next
> URLunencode = join(unencoded,"")
> end if
> end function
>

11-21-2004

Hi again MikeT. I didn't put your construction in the right place when I first tried to use it. What I was doing was encoding as that example showed. But then I used the same method again. It was in the second use of it that Server.URLEncode was acting on something that already was encoded. I tried just removing the second encoding but I lost all my QueryStrings. Anyway I put your VBScript unencode in and it performed admirably. I just want to thank you again for a very nice piece of code.

--
George Hester
_________________________________
"MikeT" <> wrote in message news:...
> On Thu, 18 Nov 2004 23:02:07 -0500, "George Hester"
> <> wrote:
> >This code has problems. If the URL contains a parameter
> >which is an image like blondie.jpg then what is sent to the
> >Logon page is NOT the URL that ostensibly was sent to the
> >logon page. Not only does it look different obviously but
> >it IS different.
> >
> >If the URL accessed (mypage.asp) is like this:
> >
> >http://www.mydomain.com/more.asp?image=blondie.jpg
> >
> >Then what is sent to the logon page looks like this:
> >
> >http://www.mydomain.com/logon.asp?fr...londie%252Ejpg
> >
> >This is because the Request.ServerVariables("URL") does a
> >little bit of encoding It encodes . to %2E and therefore when
> >we pass this into Server.URLEncode it strips out the % and puts
> >it as %25 and leaves the 2E alone. This then causes an error in
> >JavaScript.
> >
>
> OK, so simply unencode the URL before encoding it again. If your
> script can't cope with encoded URLs it's going to break anyway
> someday...
>
> I'm not saying this is the best way to do it, but off the top of my
> head:
>
> const Hexconvert = "0123456789ABCDEF"
>
> function firsttwoHextoAscii(strHex)
> dim dec
> firsttwoHextoAscii = ""
> if len(strHex)>1 then
> dec = 16 * instr(1,Hexconvert,left(strHex,1),1) + _
> instr(1,Hexconvert,mid(strHex,2,1),1) - 17
> if dec>0 and dec<256 then
> firsttwoHextoAscii = chr(dec)
> end if
> end if
> end function
>
> function URLunencode(strEncoded)
> dim unencoded,part
> if isnull(strEncoded) or strEncoded="" then
> URLunencode = ""
> else
> unencoded = split(replace(strEncoded,"+"," "),"%")
> for part = 1 to ubound(unencoded)
> unencoded(part) = firsttwoHextoAscii(unencoded(part)) & _
> mid(unencoded(part),3)
> next
> URLunencode = join(unencoded,"")
> end if
> end function
>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
I am buying all of the below Cisco equipment USED OR NEW. NOTE someline items say new or used, but I will buy them in both conditions.	network buyer	VOIP	0	12-23-2010 01:26 AM
Can Groovy be used in an applet and/or can it generate the Java bytecodes that then can be used in an applet?	Casey Hawthorne	Java	1	03-18-2009 12:56 AM
Is there a perl package, or data in a form easily used by a perlscript, that can be used to determine when to change to or from daylightsavings time?	Ted Byers	Perl Misc	23	11-15-2008 05:53 PM
Unreadable file on Canon S 400.I used a I used a	Joseph Miller	Digital Photography	3	01-13-2004 09:40 PM
[OT] - Definition of Usenet term used here a lot	Andrew Slade	C Programming	10	01-03-2004 02:58 AM