I think I vote for 1) - either you supply URL escaped data to curl/curl_escape,
or you dont. Its not possible to reliably guess what form the data is in - the
'user' has to know.

URL escaping isn't idempotent - if you escpae something twice, you end up with a
different result ( e(e(X)) != e(X) for all X).

I think its a problem with URL encoding that this is so, but I don't think we can
change that very easily...

If the data is already escaped, don't call curl_escape.

Cris

Daniel Stenberg wrote:
>
> On Mon, 30 Jul 2001, Evan Martin wrote:
>
> > I recently received a bug report about my program being able to handle
> > sending %20 characters properly.
> >
> > I traced it down to this bit in escape.c:
> >
> > (function: curl_escape())
> > /* encode it */
> > if(('%' == in) &&
> > (length>=2) &&
> > isxdigit((int)string[1]) &&
> > isxdigit((int)string[2]) ) {
> > /*
> > * This is an already encoded letter, leave it!
> > */
> > memcpy(&ns[index], string, 3);
> > string+=2;
> > }
> >
> > This behavior seems incorrect to me.
> >
> > Suppose I'm posting a form where I want to include a literal "%20" (or
> > any other form of % followed by two hex digits): If I simply pass the
> > data through curl_escape, it won't be encoded properly.
>
> I agree we need to make a decision on this.
>
> I did add that kind of check because someone wanted it and I kind of agreed
> it was a nice idea, but... it also prevents some operations so I figure we
> should either:
>
> 1 - remove the code
> or
> 2 - make it optional
>
> ... and I think option 1 is closer to my mind, as we don't need to change any
> interface for that.
>
> --
> Daniel Stenberg -- curl dude -- http://curl.haxx.se/
>
> _______________________________________________
> Curl-library mailing list
> http://curl.haxx.se/libcurl/

_______________________________________________
Curl-library mailing list
http://curl.haxx.se/libcurl/