do not consider slashes escape-worthy!
authorMichael Wallner <mike@php.net>
Wed, 9 Jul 2014 18:15:08 +0000 (20:15 +0200)
committerMichael Wallner <mike@php.net>
Wed, 9 Jul 2014 18:15:08 +0000 (20:15 +0200)
php_http_params.c

index f8e6e88..1757ec9 100644 (file)
@@ -71,7 +71,7 @@ static inline void prepare_escaped(zval *zv TSRMLS_DC)
                Z_STRVAL_P(zv) = php_addcslashes(Z_STRVAL_P(zv), Z_STRLEN_P(zv), &Z_STRLEN_P(zv), 1,
                                ZEND_STRL("\0..\37\173\\\"") TSRMLS_CC);
 
-               if (len != Z_STRLEN_P(zv) || strpbrk(Z_STRVAL_P(zv), "()<>@,;:\"/[]?={} ")) {
+               if (len != Z_STRLEN_P(zv) || strpbrk(Z_STRVAL_P(zv), "()<>@,;:\"[]?={} ")) {
                        zval tmp = *zv;
                        int len = Z_STRLEN_P(zv) + 2;
                        char *str = emalloc(len + 1);