Plus (+) symbols are no longer being decoded into spaces when part of a URL capture #463

boucher opened this Issue Feb 8, 2012 · 9 comments


None yet

6 participants


A route defined like so:

get '/foo/:bar' do
    body "Hey #{params[:bar]}\n"

Used to behave like this in 1.2.6:

boucher ~ $ curl http://localhost:4567/foo/b+ar
Hey b ar

But in 1.3.2 it behaves like this:

boucher ~ $ curl http://localhost:4567/foo/b+ar
Hey b+ar

This does not, however, affect params sent in the post body. Plus symbols are still converted into spaces there.


The issue here is the URI.decode in process_route. I think the fix is to use URI.decode_www_form_component, though I'm not sure if something special needs to be done to use it pre Ruby-1.9.2 (it's backported into Rack, so presumably it should be OK to use?).

@rkh rkh pushed a commit that closed this issue Feb 10, 2012
@boucher boucher Plus symbols in the URL should be converted to spaces when considered…
… as param values.

Closes #463.
@rkh rkh closed this in 311aa42 Feb 10, 2012

I'm still seeing this issue in 1.3.3. Any ideas?

@rkh rkh reopened this Oct 10, 2012

I ended up using boucher's recommendation above (URI.decode_www_form_component) for the parameters I'm taking which might have spaces in them, but this still seems like a bug. It automatically decodes %20 just fine, but other URL encoding libs (e.g. Apache Commons) will send in + instead.


I am also running into this issue. Is there a reason that boucher's fix made it into master but not the latest 1.3.3 release?

@rkh rkh added a commit that referenced this issue Jan 26, 2013
@boucher boucher Plus symbols in the URL should be converted to spaces when considered…
… as param values. Closes #463.

Signed-off-by: Konstantin Haase <>
@rkh rkh closed this Jan 26, 2013
@rkh rkh added a commit that referenced this issue Feb 26, 2013
@rkh rkh Revert "Plus symbols in the URL should be converted to spaces when co…
…nsidered as param values. Closes #463."

This reverts commit babe1e8.


Fixes #638
@Rican7 Rican7 referenced this issue in klein/klein.php Jul 17, 2013

Named params should be urldecode'd #117


Still happens with query parameters in 1.4.5

    addressable (2.3.5)
    crack (0.3.2)
    rack (1.5.2)
    rack-protection (1.5.3)
    rack-test (0.6.2)
      rack (>= 1.0)
    rake (10.2.2)
    sinatra (1.4.5)
      rack (~> 1.4)
      rack-protection (~> 1.4)
      tilt (~> 1.3, >= 1.3.4)
    tilt (1.4.1)
    webmock (1.8.11)
      addressable (>= 2.2.7)
      crack (>= 0.1.7)


If I request /forecast?url=

get '/forecast' do
  puts params[:url]

I get:

➜  weatherman git:(fix-url-breakage) ✗ ruby test/test_api.rb -n /Latest/
Run options: -n /Latest/ --seed 13412

# Running tests: shtml/232030.shtml
@rkh rkh reopened this May 25, 2014
  it "does not convert plus sign into space as the value of a named param" do
    mock_app do
      get '/forecast' do
    get '/forecast?url='
    assert ok?
    assert_equal '', body


~/c/ruby/sinatra (fix-param-spacing*) $ ruby test/routing_test.rb
Run options: 

# Running tests:

[ 23/100] RoutingTest#test_does_not_convert_plus_sign_into_space_as_the_valu        
  1) Failure:
RoutingTest#test_does_not_convert_plus_sign_into_space_as_the_value_of_a_named_param_0 [test/routing_test.rb:373]:
<""> expected but was
<" shtml/240833.shtml?">.

Finished tests in 0.522258s, 191.4762 tests/s, 645.2749 assertions/s.               
100 tests, 337 assertions, 1 failures, 0 errors, 0 skips

ruby -v: ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-darwin11.0]

Nevermind, I realized this should be closed.

Following means '+' is reserved, therefore any client making requests with '+' should encoded to '%2B'.

Sinatra member

👍 on leaving "+" => " "


@zzak zzak closed this Feb 13, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment