apps may use request.args[i] to build expressions (for example for eval or open files) without validation because they expect it to contain alphanumeric chars without spaces. I cannot think of a specific issue because there is nothing in web2py that uses this restriction.
I have a proposal that could make everybody happy. What if any " " or %20 in the URL were automatically replaced by a '_'? Massimo On Dec 20, 2:00 am, mmstud <mms...@gmail.com> wrote: > Please could you clarify, what kind of security issues it woud raise? > > On 20 joulu, 09:07, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > This will not supported. You can change the regex_url in main.py but > > this may cause security issues. > > > Massimo > > > On Dec 19, 3:13 pm, mmstud <mms...@gmail.com> wrote: > > > > The reason for need of spaces on url traces to my tests over SEO urls. > > > _ under_lined words does not rank as well as -con-cate-nated strings. > > > And finally it seems properly encoded space character works best. So i > > > really need this to work. Also query part of the url is not, where i > > > want to set my keywords, but rather either into directory name or file > > > name. So i think i have to hack main.py... Is there anything else i > > > should take in count? > > > > -Marko > > > > On 19 joulu, 20:44, Timothy Farrell <tfarr...@swgen.com> wrote: > > > > > If you really need it, you can modify the regular expression in main.py > > > > line 39(ish). I did this for a time, but if you have control of the > > > > calling page, it's easier (in web2py) to convert the args to vars. > > > > -tim > > > > mdipierro wrote:you cannot. On Dec 19, 5:39 am, > > > > mmstud<mms...@gmail.com>wrote:How can i accept spaces in a form of %20 > > > > in url? domain.com/app/default/index/my%20space%20word at the moment i > > > > get invalid request from web2py -Marko-- Timothy > > > > Farrell<tfarr...@swgen.com>Computer Guy Statewide General Insurance > > > > Agency (www.swgen.com) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
