Caret symbol not included in stored URL when using non-encode plugin

[pclewisnz]

I found a similar Issue that is marked solved so I suspect I've caused this by making use of a plugin that was found inside another Issue solution.. there for not a bug

My problem URL comes from a Splunk search:
https://hidden/search?earliest=-15m&latest=now&q=search%20tag%3DSpeechIVR-Production%20tag%3DSpeechIVR-Log%20%20%20|%20rex%20%22.*TSAnswerPhone%3ASessionId%3A%28%3F%3CSessionId%3E[^%3A]%2B%29%22%20&display.page.search.mode=fast&dispatch.sample_ratio=1&display.general.type=events&display.page.search.tab=events&sid=1495425928.166882_668608EB-CEE5-4FA2-A108-FC3E8A28D65F

The stored URL using YOURLS results in:
https://hidden/search?earliest=-15m&latest=now&q=search%20tag%3DSpeechIVR-Production%20tag%3DSpeechIVR-Log%20%20%20|%20rex%20%22.*TSAnswerPhone%3ASessionId%3A%28%3F%3CSessionId%3E[%3A]%2B%29%22%20&display.page.search.mode=fast&dispatch.sample_ratio=1&display.general.type=events&display.page.search.tab=events&sid=1495425928.166882_668608EB-CEE5-4FA2-A108-FC3E8A28D65F )

The problem for me is that [^%3A] in original gets stored as [%3A]. the caret is completely dropped so I don't think it's an encoding issue. Suspect it's special handling inside the code base (?) and my reason for logging as an issue is that it's probably unintended and caused by the plugin. I wouldn't call it a bug since plugins surely are buyer beware...

The plugin I am using is the following:

/*
Plugin Name: Don't encode/decode
Plugin URI: http://yourls.org/
Description: Don't encode/decode submitted URLs
Version: 1.0
Author: Ozh
Author URI: http://ozh.org/
*/

yourls_add_filter( 'encodeURI', 'stewx_no_decode' );
function stewx_no_decode( $decoded, $original ) {
    return $original;
}

This plugin made the Splunk URL's work perfectly (until this example).

If I deactivate the plugin the URL stored is as follows:
https://hidden/search?earliest=-15m&latest=now&q=search%20tag=SpeechIVR-Production%20tag=SpeechIVR-Log%20%20%20%7C%20rex%20%22.*TSAnswerPhone:SessionId:(?%3CSessionId%3E%5B%5E:%5D+)%22%20&display.page.search.mode=fast&dispatch.sample_ratio=1&display.general.type=events&display.page.search.tab=events&sid=1495425928.166882_668608EB-CEE5-4FA2-A108-FC3E8A28D65F

This URL doesn't work for us because at the first ? in this version, it's probably being interpreted as a parameter. In the versions using the plugin it's being stored "as is" which is great. Conversely the Caret in the non plugin version gets encoded.

I am using your tool on RHEL running lampp
MediaWiki 1.24.1
PHP 5.6.3 (apache2handler)
MySQL 5.6.21

I think if someone was willing to help a non-coder here - and write me a plugin that encoded only a list of characters (e.g. caret "^") but nothing else - could call it Splunk URL plugin because this tool is extremely useful for users sharing splunk searches (which can be thousands of characters long)..

[Norway174]

Any updates on this? As I'm now running into the exact same issue. My ^ are being converted to %5E but not converted back properly. Which breaks the purpose.

[LeoColomb]

Any updates on this?

Not yet, we are aware of the issue but no solution has been submitted so far.
Feel free to submit your PR if you have one! 🙂

[Norway174]

Any updates on this?

Not yet, we are aware of the issue but no solution has been submitted so far.
Feel free to submit your PR if you have one! 🙂

I don't have a new PR to submit... But, I were able to circumvent it with this plugin I wrote,

<?php
/*
Plugin Name: Do Not Encode
Description: 
Version: 1.0
Author: Norway174
Author URI: 
*/

yourls_add_filter( 'sanitize_url', 'decode' );

function decode( $url, $unsafe_url ){
	return rawurldecode($url);
}

Based off this one.

But that one didn't work for me, so I ended up writing my own.

Disclaimer: I doubt it's very secure. So use at your own peril.
I'm using it, because I'm pretty sure I can trust myself. And only I will be shortening the URLs.

[ozh]

Closing: 2691 and associated PR will supersede