You do almost everything right. The only small mistake is that urlencode prefers to use the plus sign to indicate a space, which is suitable only for query parameters, and not for part of the path. rawurlencode will be better here.
However, this is not the reason why this does not work. You are already generating the path /controller/action/par1/%2F , which is correct.
This does not work in practice for you, because Apache is trying to protect you (rather inefficiently) from directory traversal issues. If you include the %2F sequence in the URL path, Apache will by default go over and show your own 404 page (ignoring any errordocument options). To disable this feature (IMO: misfeature), you can use the AllowEncodedSlashes directive.
If you really can get a coded slash when it gets back to your script, this is another worm worm. Due to the poor design of the PATH_INFO variable in the original CGI specification, many environments will not be able to see %2F as something other than unencrypted / , potentially disrupting the routing you make from the part path.
It is usually best to avoid slashes in parts of the path because Apache is not the only server or language to be confused by them. In general, you should use the query parameters to enter where you need to accept any string of bytes or characters, since parts of the path have practical problems on many servers with (a) / , (b) \ , (c) the NUL character and (d) empty lines.
bobince
source share