The util_uri_escape function converts any special characters in the URI into the URI format (%XX, where XX is the hexadecimal equivalent of the ASCII character), and returns the escaped string. The special characters are %?#:+&*"<>, space, carriage return, and line feed.
Use util_uri_escape before sending a URI back to the client.
char *util_uri_escape(char *d, char *s);
Returns the string (possibly newly allocated) with the special characters replaced by their escaped form.
char *d is a string. If d is not NULL, the function copies the escaped string into d and returns d. If d is NULL, the function allocates a properly sized string, copies the escaped string into it, and returns the new string.
The util_uri_escape function does not check bounds for the parameter d. Therefore, if d is not NULL, it should be at least three times as large as the string s.
char *s is the string containing the original unescaped URI.
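The sizing rule above, shown as an added example that is not NSAPI code: uri_escape_bounded and uri_escaped_size are hypothetical helpers that take the destination size explicitly, compute the exact escaped length (worst case three bytes per input byte, plus the terminating NUL), and refuse to write when d is too small. Uppercase hex digits, and reading the comma in the character list as a separator, are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Special characters from the page; the comma there is read as a list separator. */
static int is_special(unsigned char c)
{
    return c != '\0' && strchr("%?#:+&*\"<> \r\n", c) != NULL;
}

/* Exact size of the escaped form of s, including the terminating NUL. */
size_t uri_escaped_size(const char *s)
{
    size_t n = 1;
    for (; *s; s++)
        n += is_special((unsigned char)*s) ? 3 : 1;
    return n;
}

/* Hypothetical bounded variant: returns d, or NULL (d emptied) if dsize is too small. */
char *uri_escape_bounded(char *d, size_t dsize, const char *s)
{
    static const char hex[] = "0123456789ABCDEF"; /* uppercase is an assumption */
    char *out = d;
    if (d == NULL || s == NULL || dsize == 0)
        return NULL;
    if (uri_escaped_size(s) > dsize) {
        d[0] = '\0';
        return NULL;
    }
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (is_special(c)) {
            *out++ = '%';
            *out++ = hex[c >> 4];
            *out++ = hex[c & 0x0F];
        } else {
            *out++ = (char)c;
        }
    }
    *out = '\0';
    return d;
}

int main(void)
{
    char buf[32]; /* "/a b?x" below is constructed sample input */
    puts(uri_escape_bounded(buf, sizeof buf, "/a b?x") ? buf : "too small");
    return 0;
}
```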
See also: util_uri_is_evil, util_uri_parse, util_uri_unescape