Álvaro González

Reputation: 146460

Route parameters are URL-encoded

I'm trying out Lumen and I've written my first route:

$app->get('hello/{name}', function ($name) {
    return "Hello, $name!";
});

The documentation I've read so far doesn't say a word about how the framework approaches HTML-injection so I made a quick test:

http://example.com/hello/<u>café

... which showed up like this:

Hello, %3Cu%3Ecaf%C3%A9!

In other words, route parameters are not URL-decoded when they reach my function. Other frameworks I've tried decode everything for you, just as if you were reading from $_GET.

Is there an issue with my set-up (Apache/2.4, mod_php and mod_rewrite with the default .htaccess bundled with the framework) or is that the expected input?

Upvotes: 1

Views: 1162

Answers (1)

Álvaro González

Reputation: 146460

It's an intentional bug/feature (see Route parameters are URL-encoded #238 for reference). No idea about the rationale behind the design decision.

Upvotes: 1
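
An added example, not part of the original question or answer and not Lumen's own code: one way to handle the still-encoded route parameter shown in the question, decoding it exactly once and HTML-escaping it at output. The helper names `decodeRouteParam`, `escapeHtml` and `hello` are hypothetical, and the mbstring extension is assumed to be available.

```php
<?php
declare(strict_types=1);

/**
 * Decode a route segment that arrives still percent-encoded, as in the question.
 * rawurldecode() is used rather than urldecode() so a literal "+" in a path stays "+".
 * Decode exactly once: a second pass would turn "%253C" into "<".
 */
function decodeRouteParam(string $raw): string
{
    $value = rawurldecode($raw);

    // Reject bytes that are not valid UTF-8, and ASCII control characters (NUL, CR, LF, ...).
    if (!mb_check_encoding($value, 'UTF-8') || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('Malformed route parameter');
    }

    return $value;
}

/** Escape for an HTML text or quoted-attribute context, at the point of output. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical handler body: decode first, escape last. */
function hello(string $rawName): string
{
    return 'Hello, ' . escapeHtml(decodeRouteParam($rawName)) . '!';
}

// Constructed input: the encoded segment from the question's test URL.
echo hello('%3Cu%3Ecaf%C3%A9'), PHP_EOL;

// Wiring into the route from the question (needs Lumen, so left as a comment):
// $app->get('hello/{name}', function ($name) {
//     return hello($name);
// });
```

The undecoded value in the question is not an HTML-injection defence: the escaping step is what keeps `<u>` from being rendered as markup once the value has been decoded.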
