Issues

ZF-10964: urldecode called twice

Issue Type: Bug Created: 2011-01-19T08:20:46.000+0000 Last Updated: 2011-05-04T21:20:17.000+0000 Status: Resolved Fix version(s): - 1.11.6 (05/May/11)

Reporter: Sebastian Hoitz (nekromanter) Assignee: Ralph Schindler (ralph) Tags: - Zend_Rest_Route

Related issues: - ZF-3527

Attachments:

Description

I'm using the Rest Route in combination with Rest Controllers etc.

When I call something like this:

/contact/index/emailAddresses.value/foo+test@bar.de

with rawurlencoded values, PHP shows me correctly decoded values in the REQUEST_STRING and other $_SERVER variables, but with $this->_getParam("emailAddresses.value") in my controller I get

"foo test@bar.de"

which is wrong.

Comments

Posted by Bradley Holt (bradley.holt) on 2011-02-01T14:58:35.000+0000

I've removed the duplicate calls to urldecode and added several new unit tests to make sure this works correctly.

Posted by Martin Stricker (strickr) on 2011-02-01T15:33:59.000+0000

I think it would be more appropriate to remove the call to urldecode() in Zend_Controller_Request_Http::setPathInfo() - it's creating havoc with encoded slashes there - than in in Zend_Rest_Route::match(). There is already a patch attached at ZF-3527.

Posted by Bradley Holt (bradley.holt) on 2011-02-02T06:53:32.000+0000

Martin, that sounds like it would work just fine as well. Either way, please leave my new unit tests in place (assuming you agree that they make sense) as they test for this double urldecode bug.

Posted by Martin Stricker (strickr) on 2011-02-02T06:58:03.000+0000

Yeah, I think that urldecode() is simply misplaced in setPathInfo() and related to a bunch of bug reports - but: I have no commit or patch rights and capabilities, so I hope someone could look at that patch from ZF-3527 / Artiom Lunev and commit it.

Posted by Bradley Holt (bradley.holt) on 2011-02-02T07:27:47.000+0000

Martin, removing the urldecode() in Zend_Controller_Request_Http::setPathInfo() does not completely fix the issue. If I revert my change and make that change instead, the "edit" action ID does not decode properly in Zend_Rest_RouteTest::test_RESTfulApp_GET_project_edit_urlencodedWithPlusSymbol(). However, wrapping a urldecode around $path[$pathElementCount-2] in the 'edit" specialGetTarget in Zend_Rest_Route::match() then makes this test pass. So, if your proposed change is accepted then this new call to urldecode will have to be added.

Posted by Holger Schletz (hschletz) on 2011-04-18T17:08:05.000+0000

What's the status on this? It's marked as fixed, but the mentioned fix to Zend_Controller_Request_Http::setPathInfo() has not been committed yet. It does not only affect Zend_Rest_Route, but every application of Zend_Controller_Request_Http. I'm currently struggling with double-urldecoded slashes and '+' characters, and workarounds would be really ugly.

Posted by Bradley Holt (bradley.holt) on 2011-04-18T17:23:16.000+0000

Holger, which version of Zend Framework are you using and are you using Zend_Rest_Route? This is fixed in version 1.11.4, but only for Zend_Rest_Route. This ticket only applies to the Zend_Rest_Route component. If you're experiencing this issue while using another component, take a look at ZF-3527.

Posted by Holger Schletz (hschletz) on 2011-04-29T17:58:37.000+0000

Sorry, this is just confusing. I don't use Zend_Rest_Route. But as stated in a previous comment, the source of the problem lies within Zend_Controller_Request_Http, so I wonder why it has not been fixed there.

Posted by Ralph Schindler (ralph) on 2011-05-04T17:03:16.000+0000

Potential fix in trunk at r24002 - asking for watchers to test now.

Posted by Ralph Schindler (ralph) on 2011-05-04T18:05:10.000+0000

This has more to do with Zend_Rest_Route than the issue which was fixed in ZF-3527, reopening.

Posted by Ralph Schindler (ralph) on 2011-05-04T21:20:08.000+0000

Fixed in trunk at r24012 Fixed in release branch 1.11 at r24013

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts