[Issue] URLs should not contains reserved characters according to RFC 3986

[m2-assistant]

This issue is automatically created based on existing pull request: #35885: URLs should not contains reserved characters according to RFC 3986

---

Description (*)

This PR fixes the RFC 3986 which forbids to use reserved characters in URLs such as a comma.

Related Pull Requests

Manual testing scenarios (*)

1. Use the URL : http://magento2.adobe/encoding/with/longer/url/
2. Encode this URL with the Magento\Framework\Url\Encoder::encode method
3. Note that the base64 encoded URL contains a comma : aHR0cDovL21hZ2VudG8yLmFkb2JlL2VuY29kaW5nL3dpdGgvbG9uZ2VyL3VybC8,
4. Use the native method rawurlencode from PHP on the result : aHR0cDovL21hZ2VudG8yLmFkb2JlL2VuY29kaW5nL3dpdGgvbG9uZ2VyL3VybC8%2C (please notice the %2C character which is the hexadecimal value for a comma, which is not allowed.
5. Decode this URL back : http://magento2.adobe/encoding/with/longer/url/6 (a 6 was added at the end of the URL because of the encoded value)

Questions or comments

In my understanding of the RFC, an URL can't contain a comma (or whatever reserved characters). However, Magento uses such character in the encode method to remove the = character from the base64 encoded value.

magento2/lib/internal/Magento/Framework/Url/Encoder.php

Line 18 in c6aeb6a

return strtr(base64_encode($url), '+/=', '-_,');

This PR replaces the comma value by a tilde as this is an unreserved character allowed for an URL and which will not be transformed in the rawurlencode method.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

[github-jira-sync-bot]

Unfortunately, not enough information was provided to create a Jira ticket. Please make sure you added the following label(s): Reproduced on 2.4.x, ^Area:.*

Once all required labels are present, please add Issue: Confirmed label again.

[github-jira-sync-bot]

✅ Jira issue https://jira.corp.adobe.com/browse/AC-6635 is successfully created for this GitHub issue.

[m2-assistant]

✅ Confirmed by @engcom-Lima. Thank you for verifying the issue.
Issue Available: @engcom-Lima, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

[MrBlueEyez]

The pull request only adjusted the encoder, the Magento\Framework\Url\Decoder is still looking for a comma instead of a tilde when decoding:
$url = $url !== null ? base64_decode(strtr($url, '~_,', '+/=')) : '';
(I see #37532 has been created for that)

I am also having some difficulties with urls that end with a tilde, getting a 403 from nginx. Not 100% sure if this is something I can fix on my side.