German umlauts (ä, ö, ü, and possibly other special characters) removed in parameters of action functions

[crystlbrd]

I found a rather interesting error. I'm from Germany and we have often umlauts in our words. In one case I was working on a backend system and was trying to call a page like this:

header('Location: ' . URL . 'controller/action/' . urlencode('somethingWithAnUmlaut'));

And it worked very well, with one exception: the umlaut was removed in the URL and the parameter in the action function. After some digging I found the responsible code for it:

mini3/application/Core/Application.php

Line 75 in 72891a8

$url = filter_var($url, FILTER_SANITIZE_URL);

MINI seems to decode the URL after catching it (didn't looked up where this happens), so the URL isn't coded in HTTP at that line anymore. Unfortunately the filter used in that line removes all umlauts and some other German special characters (e.c. ß). In my case I just commented the line out. But that's of course not a long term solution. Any ideas here?

P.S.: I really love this 'framework'. Great work to all, who toke the effort making this project this awesome.

[sa-tasche]

1. See: default_charset in php.ini
   See also: https://phptherightway.com/#php_and_utf8

2. instead of FILTER_SANITIZE_URL use FILTER_SANITIZE_ENCODED
   See: https://www.php.net/manual/de/filter.filters.sanitize.php
   See: https://phptherightway.com/#data_filtering

[ebitkov]

As defined in the RFC 1738, any special characters (including umlauts) may not be used unencoded, even if it's technically possible:

Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
reserved characters used for their reserved purposes may be used
unencoded within a URL.

Therefore I propose to close this issue as wontfix.