Arguments with url encoded forward slashes no longer work #2176

Closed
michaelday opened this Issue Mar 19, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@michaelday

After upgrading from 3.7.0 to 3.8.0, routes that contain a url encoded forward slash no longer work.

Example route: /auth/{code}
Example url: /auth/4%2FGtXcKpxJQk97MyRtHOy_6sPKrLz74-nDkKG6-iz-PIc

This route will no longer be triggered for that URL. I think the culprit is c2d7ae4, which started URL decoding the URI.

I'm working around this issue currently by double URL encoding the parameter (so the example url from above would be 4%252FGtXcKpxJQk97MyRtHOy_6sPKrLz74-nDkKG6-iz-PIc).

@akrabat

This comment has been minimized.

Show comment
Hide comment
@akrabat

akrabat Mar 19, 2017

Member

That'd be a bc break then… sorry.

Member

akrabat commented Mar 19, 2017

That'd be a bc break then… sorry.

akrabat added a commit to akrabat/Slim that referenced this issue Mar 19, 2017

Revert "Merge branch 'JoeBengalen-fix-basepath-space' into 3.x"
Revert #1946 as it breaks the case when a slash is URL-encoded within a
segment. See issue #2176

This reverts commit c2d7ae4, reversing
changes made to 7aabd47.

@akrabat akrabat referenced this issue Mar 19, 2017

Merged

Revert #1946 #2177

@akrabat

This comment has been minimized.

Show comment
Hide comment
@akrabat

akrabat Mar 19, 2017

Member

Fixed in version 3.8.1.

Thank you for reporting and I'm sorry for the inconvenience.

Member

akrabat commented Mar 19, 2017

Fixed in version 3.8.1.

Thank you for reporting and I'm sorry for the inconvenience.

@akrabat akrabat closed this Mar 19, 2017

@garnold

This comment has been minimized.

Show comment
Hide comment
@garnold

garnold Jun 5, 2017

FWIW I bumped into what I thought was this issue, but the trouble was actually with Apache. The fix was to add AllowEncodedSlashes NoDecode inside my VirtualHost:

https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache

Hope this helps,
Geoff.

garnold commented Jun 5, 2017

FWIW I bumped into what I thought was this issue, but the trouble was actually with Apache. The fix was to add AllowEncodedSlashes NoDecode inside my VirtualHost:

https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache

Hope this helps,
Geoff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment