NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Preserve percent-encoding in URLs when performing redirects in the UrlMatcher#25427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Closed

mpdude wants to merge2 commits intosymfony:2.7frommpdude:redirectable_url_matcher_urlencode

Closed

Preserve percent-encoding in URLs when performing redirects in the UrlMatcher#25427

mpdude wants to merge2 commits intosymfony:2.7frommpdude:redirectable_url_matcher_urlencode

Conversation

Copy link

Contributor

mpdude commentedDec 10, 2017

Q	A
Branch?	2.7
Bug fix?	yes
New feature?	no
BC breaks?	no
Deprecations?	no
Tests pass?	yes
Fixed tickets
License	MIT
Doc PR

While investigating#25373, I found that when thedumpedUrlMatcher performs redirections due to missing trailing slashes on URLs, it does so using an urldecoded URL.

This is wrong, as it may lead to wrong interpretations of URLs upon the next request. For example, think of an URL that contains%23 in the middle of the path info. Upon redirection, this will be turned into# with an obvious effect.

Preserve percent-encoding in URLs when performing redirects in the Ur…

962e9f0

…lMatcher

carsonbot added Status: Needs Review Bug labels

Dec 10, 2017

chalasr added this to the2.7 milestone

Dec 11, 2017

Copy link

Member

nicolas-grekas commentedDec 11, 2017

Can you check the failures please?

Copy link

ContributorAuthor

mpdude commentedDec 11, 2017•
edited
Loading

fabbot complains about fixtures (src/Symfony/Component/Routing/Tests/Fixtures/dumper/url_matcher{1,2,3}.php). Won't fix that, as it would also mean having to change the MatcherDumper.

Create mock objects in a cross-version compatible way (?)

4a22a64

Copy link

ContributorAuthor

mpdude commentedDec 11, 2017

Overall, would it be better to applyrawurlencode instead of trying to preserve the URL as- is?

Simperfit approved these changes

Dec 12, 2017

View reviewed changes

carsonbot added Status: Reviewed and removed Status: Needs Review labels

Dec 12, 2017

fabpot approved these changes

Dec 14, 2017

View reviewed changes

Copy link

Member

fabpot commentedDec 14, 2017

Thank you@mpdude.

fabpot added a commit that referenced this pull request

Dec 14, 2017

bug#25427Preserve percent-encoding in URLs when performing redirect…

01229fb

…s in the UrlMatcher (mpdude)This PR was squashed before being merged into the 2.7 branch (closes#25427).Discussion----------Preserve percent-encoding in URLs when performing redirects in the UrlMatcher| Q             | A| ------------- | ---| Branch?       | 2.7| Bug fix?      | yes| New feature?  | no| BC breaks?    | no| Deprecations? | no| Tests pass?   | yes| Fixed tickets || License       | MIT| Doc PR        |While investigating#25373, I found that when the *dumped* `UrlMatcher` performs redirections due to missing trailing slashes on URLs, it does so using an url*de*coded URL.This is wrong, as it may lead to wrong interpretations of URLs upon the next request. For example, think of an URL that contains `%23` in the middle of the path info. Upon redirection, this will be turned into `#` with an obvious effect.Commits-------8146510 Preserve percent-encoding in URLs when performing redirects in the UrlMatcher

fabpot closed this

Dec 14, 2017

Copy link

Member