Route arguments get decoded twice #3208
Comments
I have tried to reproduce your posted issue. Here are my test results using Postman:
GET /articles/123
GET /articles/9%65
GET /articles/9%2565
GET /articles/9%252565
Minimal code example:
<?php
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Factory\AppFactory;
require __DIR__ . '/../vendor/autoload.php';
$app = AppFactory::create();
$app->get('/articles/{id}', function (Request $request, Response $response, $args) {
    $response->getBody()->write($args['id']);
    return $response;
});
$app->run();
Generally, I would recommend to use only characters in a range from |
Hi! Thank you for taking the time to investigate it. The problem I see with double decoding is that the article ID is 9%65, I mean, that's literally the id stored in the DB. Then, how can we refer to it in the URL? I guess the approach should be to url-encode it (e.g. For sure it's an edge case. It's definitely not a good idea to use % characters in the id, but... that's how my client articles are stored, and I don't manage that data. I don't know the intricacies of Slim, but as an outsider opinion, shouldn't it be enough decoding the URL once in \Slim\Routing\RouteResolver::computeRoutingResults ? Doing so, both URL arguments and query params would be decoded correctly, allowing both |
The first url-encoding happens before that actual routing. See RouteResolver. So this: Then, when Slim reads the route arguments, the values will be decoded a second time here: https://github.com/slimphp/Slim/blob/4.x/Slim/Routing/RoutingResults.php#L99 I don't know the reasons behind it, but maybe this is a bug? As a quick workaround, you could pass a Example URI path: |
We have to do a If you use I have to say I'm not entirely sure why that's there in the first place, this is probably an artifact from refactoring the routing system from I don't know what the correct solution is here. @akrabat thoughts? |
Hi!
The arguments get decoded twice, in:
That's a problem if the argument contains a "decodable" combination of characters.
Let's say I have an article with id 9%65. The route to retrieve it is /articles/{id}.
If I rawurlencode the article id (i.e. /articles/9%2565), since it gets decoded twice, the argument returned is 9e instead of 9%65.
In order to get the proper argument, I'd need to rawurlencode the article id twice (i.e. /articles/9%252565)
Please advise
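The round trip described in this issue, as an added example that is not part of the original thread and is not Slim's own code: it models the two decode passes as plain PHP functions and flags identifiers that only survive a single pass. The function names are hypothetical, and every sample id other than `123` and `9%65` is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not Slim's code: the two decode passes reported in
// this thread are modelled with rawurldecode() so the effect can be seen
// without a running application.

/** Path segment a client sends for a stored identifier (encoded once). */
function encodeSegment(string $id): string
{
    return rawurlencode($id);
}

/** One decode pass, as applied to the request path before routing. */
function decodeOnce(string $segment): string
{
    return rawurldecode($segment);
}

/** Two decode passes: the behaviour reported in this issue. */
function decodeTwice(string $segment): string
{
    return rawurldecode(rawurldecode($segment));
}

/** True when a second pass would alter an already-decoded value. */
function changedBySecondDecode(string $decoded): bool
{
    return rawurldecode($decoded) !== $decoded;
}

// "123" and "9%65" come from the thread; the rest are constructed samples.
$ids = ['123', '9%65', 'a%20b', '100%', 'caf%C3%A9'];

foreach ($ids as $id) {
    $segment = encodeSegment($id);
    $once    = decodeOnce($segment);
    $twice   = decodeTwice($segment);
    $status  = changedBySecondDecode($once) ? 'altered by second pass' : 'stable';
    printf(
        "id=%-10s segment=%-16s once=%-10s twice=%-6s %s\n",
        $id, $segment, $once, $twice, $status
    );
}
```

Run as a regression check, the `once` column should always equal the stored id; any row marked as altered is an identifier that a second decode pass would silently rewrite before it reaches a lookup or an access check.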