Issues

ZF-10964: urldecode called twice

Description

I'm using the Rest Route in combination with Rest Controllers etc.

When I call something like this:

/contact/index/emailAddresses.value/foo+test@bar.de

with rawurlencoded values, PHP shows me correctly decoded values in the REQUEST_STRING and other $_SERVER variables, but with $this->_getParam("emailAddresses.value") in my controller I get

"foo test@bar.de"

which is wrong.

Comments

I've removed the duplicate calls to urldecode and added several new unit tests to make sure this works correctly.

I think it would be more appropriate to remove the call to urldecode() in Zend_Controller_Request_Http::setPathInfo() - it's creating havoc with encoded slashes there - than in in Zend_Rest_Route::match(). There is already a patch attached at ZF-3527.

Martin, that sounds like it would work just fine as well. Either way, please leave my new unit tests in place (assuming you agree that they make sense) as they test for this double urldecode bug.

Yeah, I think that urldecode() is simply misplaced in setPathInfo() and related to a bunch of bug reports - but: I have no commit or patch rights and capabilities, so I hope someone could look at that patch from ZF-3527 / Artiom Lunev and commit it.

Martin, removing the urldecode() in Zend_Controller_Request_Http::setPathInfo() does not completely fix the issue. If I revert my change and make that change instead, the "edit" action ID does not decode properly in Zend_Rest_RouteTest::test_RESTfulApp_GET_project_edit_urlencodedWithPlusSymbol(). However, wrapping a urldecode around $path[$pathElementCount-2] in the 'edit" specialGetTarget in Zend_Rest_Route::match() then makes this test pass. So, if your proposed change is accepted then this new call to urldecode will have to be added.

What's the status on this? It's marked as fixed, but the mentioned fix to Zend_Controller_Request_Http::setPathInfo() has not been committed yet. It does not only affect Zend_Rest_Route, but every application of Zend_Controller_Request_Http. I'm currently struggling with double-urldecoded slashes and '+' characters, and workarounds would be really ugly.

Holger, which version of Zend Framework are you using and are you using Zend_Rest_Route? This is fixed in version 1.11.4, but only for Zend_Rest_Route. This ticket only applies to the Zend_Rest_Route component. If you're experiencing this issue while using another component, take a look at ZF-3527.

Sorry, this is just confusing. I don't use Zend_Rest_Route. But as stated in a previous comment, the source of the problem lies within Zend_Controller_Request_Http, so I wonder why it has not been fixed there.

Potential fix in trunk at r24002 - asking for watchers to test now.

This has more to do with Zend_Rest_Route than the issue which was fixed in ZF-3527, reopening.

Fixed in trunk at r24012 Fixed in release branch 1.11 at r24013