[Issue] URLs should not contains reserved characters according to RFC 3986 #36042
Labels
Area: Security
Component: Encryption
Issue: Confirmed (Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed)
Priority: P2 (A defect with this priority could have functionality issues which are not to expectations.)
Progress: done
Reported on 2.4.x (Indicates original Magento version for the Issue report.)
Reproduced on 2.4.x (The issue has been reproduced on latest 2.4-develop branch)
This issue is automatically created based on existing pull request: #35885: URLs should not contains reserved characters according to RFC 3986
Description (*)
This PR fixes the RFC 3986, which forbids the use of reserved characters, such as a comma, in URLs.
Related Pull Requests
Manual testing scenarios (*)
http://magento2.adobe/encoding/with/longer/url/
Magento\Framework\Url\Encoder::encode method
aHR0cDovL21hZ2VudG8yLmFkb2JlL2VuY29kaW5nL3dpdGgvbG9uZ2VyL3VybC8,
aHR0cDovL21hZ2VudG8yLmFkb2JlL2VuY29kaW5nL3dpdGgvbG9uZ2VyL3VybC8%2C
(please notice the %2C character which is the hexadecimal value for a comma, which is not allowed.)
http://magento2.adobe/encoding/with/longer/url/6
(a 6 was added at the end of the URL because of the encoded value)
Questions or comments
In my understanding of the RFC, a URL can't contain a comma (or whatever reserved characters). However, Magento uses such a character in the encode method to remove the = character from the base64 encoded value.
magento2/lib/internal/Magento/Framework/Url/Encoder.php
Line 18 in c6aeb6a
This PR replaces the comma value with a tilde as this is an unreserved character allowed for a URL and which will not be transformed in the rawurlencode method.
Contribution checklist (*)
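The round trip from the manual testing scenario, as an added PHP example (not code from the issue or from Magento), run once with the comma and once with the proposed tilde. The function names, the '+/' to '-_' mapping and the decode step are assumptions made for illustration; only the replacement of '=' by a comma or a tilde comes from the issue.

```php
<?php
declare(strict_types=1);

// Added illustration, not Magento code. $pad is the character that replaces
// base64's '=' padding; the '+/' -> '-_' mapping is an assumption.
function encodeUrl(string $url, string $pad): string
{
    return strtr(base64_encode($url), '+/=', '-_' . $pad);
}

// Hypothetical inverse of encodeUrl(). Non-strict base64_decode() skips any
// character outside the base64 alphabet instead of failing.
function decodeUrl(string $token, string $pad): string
{
    return (string) base64_decode(strtr($token, '-_' . $pad, '+/='));
}

// Strict variant: rejects tokens containing characters outside the alphabet,
// so a percent-encoded token fails instead of decoding to a different URL.
function decodeUrlStrict(string $token, string $pad): ?string
{
    $raw = base64_decode(strtr($token, '-_' . $pad, '+/='), true);
    return $raw === false ? null : $raw;
}

$url = 'http://magento2.adobe/encoding/with/longer/url/'; // URL from the issue

foreach ([',' => 'comma', '~' => 'tilde'] as $pad => $label) {
    $token   = encodeUrl($url, $pad);
    $escaped = rawurlencode($token);           // the form that ends up in a link
    $lenient = decodeUrl($escaped, $pad);      // decoded without rawurldecode()
    $strict  = decodeUrlStrict($escaped, $pad);

    printf("[%s padding]\n", $label);
    printf("  token:   %s\n", $token);
    printf("  escaped: %s\n", $escaped);
    printf("  lenient: %s (%s)\n", $lenient, $lenient === $url ? 'intact' : 'altered');
    printf("  strict:  %s\n\n", $strict ?? 'rejected');
}
```

With the comma, the `2C` left over from `%2C` is consumed as base64 data, which is where the trailing 6 in the scenario comes from; the tilde passes through rawurlencode unchanged.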