bug #49299 [HttpClient] Fix over-encoding of URL parts to match browser's behavior (nicolas-grekas)

nicolas-grekas · nicolas-grekas · commit ec8d4588578b · 2023-02-10T12:43:30.000+01:00
This PR was merged into the 5.4 branch. Discussion ---------- [HttpClient] Fix over-encoding of URL parts to match browser's behavior | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #48315 | License | MIT | Doc PR | - Yes, the RFC says these chars should be url-encoded: ``` [ ] \ ^ ` { | } ``` But in practice, browser's don't encode them, and some servers don't expect them to be encoded either. See https://stackoverflow.com/questions/2366260/whats-valid-and-whats-not-in-a-uri-query for some pointers. Commits ------- e79e331 [HttpClient] Fix over-encoding of URL parts to match browser's behavior
diff --git a/src/Symfony/Component/HttpClient/HttpClientTrait.php b/src/Symfony/Component/HttpClient/HttpClientTrait.php
@@ -547,7 +547,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS
             }
 
             // https://tools.ietf.org/html/rfc3986#section-3.3
-            $parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()*+,;=:@%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
+            $parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()[\]*+,;=:@\\\\^`{|}%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
         }
 
         return [
@@ -621,6 +621,31 @@ private static function mergeQueryString(?string $queryString, array $queryArray
         $queryArray = [];
 
         if ($queryString) {
+            if (str_contains($queryString, '%')) {
+                // https://tools.ietf.org/html/rfc3986#section-2.3 + some chars not encoded by browsers
+                $queryString = strtr($queryString, [
+                    '%21' => '!',
+                    '%24' => '$',
+                    '%28' => '(',
+                    '%29' => ')',
+                    '%2A' => '*',
+                    '%2B' => '+',
+                    '%2C' => ',',
+                    '%2F' => '/',
+                    '%3A' => ':',
+                    '%3B' => ';',
+                    '%40' => '@',
+                    '%5B' => '[',
+                    '%5C' => '\\',
+                    '%5D' => ']',
+                    '%5E' => '^',
+                    '%60' => '`',
+                    '%7B' => '{',
+                    '%7C' => '|',
+                    '%7D' => '}',
+                ]);
+            }
+
             foreach (explode('&', $queryString) as $v) {
                 $queryArray[rawurldecode(explode('=', $v, 2)[0])] = $v;
             }
diff --git a/src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php b/src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php
@@ -157,12 +157,12 @@ public function provideParseUrl(): iterable
         yield [['http:', null, null, null, null], 'http:'];
         yield [['http:', null, 'bar', null, null], 'http:bar'];
         yield [[null, null, 'bar', '?a=1&c=c', null], 'bar?a=a&b=b', ['b' => null, 'c' => 'c', 'a' => 1]];
-        yield [[null, null, 'bar', '?a=b+c&b=b', null], 'bar?a=b+c', ['b' => 'b']];
-        yield [[null, null, 'bar', '?a=b%2B%20c', null], 'bar?a=b+c', ['a' => 'b+ c']];
-        yield [[null, null, 'bar', '?a%5Bb%5D=c', null], 'bar', ['a' => ['b' => 'c']]];
-        yield [[null, null, 'bar', '?a%5Bb%5Bc%5D=d', null], 'bar?a[b[c]=d', []];
-        yield [[null, null, 'bar', '?a%5Bb%5D%5Bc%5D=dd', null], 'bar?a[b][c]=d&e[f]=g', ['a' => ['b' => ['c' => 'dd']], 'e[f]' => null]];
-        yield [[null, null, 'bar', '?a=b&a%5Bb%20c%5D=d&e%3Df=%E2%9C%93', null], 'bar?a=b', ['a' => ['b c' => 'd'], 'e=f' => '✓']];
+        yield [[null, null, 'bar', '?a=b+c&b=b-._~!$%26/%27()[]*+,;%3D:@%25\\^`{|}', null], 'bar?a=b+c', ['b' => 'b-._~!$&/\'()[]*+,;=:@%\\^`{|}']];
+        yield [[null, null, 'bar', '?a=b+%20c', null], 'bar?a=b+c', ['a' => 'b+ c']];
+        yield [[null, null, 'bar', '?a[b]=c', null], 'bar', ['a' => ['b' => 'c']]];
+        yield [[null, null, 'bar', '?a[b[c]=d', null], 'bar?a[b[c]=d', []];
+        yield [[null, null, 'bar', '?a[b][c]=dd', null], 'bar?a[b][c]=d&e[f]=g', ['a' => ['b' => ['c' => 'dd']], 'e[f]' => null]];
+        yield [[null, null, 'bar', '?a=b&a[b%20c]=d&e%3Df=%E2%9C%93', null], 'bar?a=b', ['a' => ['b c' => 'd'], 'e=f' => '✓']];
         // IDNA 2008 compliance
         yield [['https:', '//xn--fuball-cta.test', null, null, null], 'https://fußball.test'];
     }
diff --git a/src/Symfony/Component/Notifier/Bridge/SmsBiuras/Tests/SmsBiurasTransportTest.php b/src/Symfony/Component/Notifier/Bridge/SmsBiuras/Tests/SmsBiurasTransportTest.php
@@ -52,7 +52,7 @@ public function unsupportedMessagesProvider(): iterable
      */
     public function testTestMode(int $expected, bool $testMode)
     {
-        $message = new SmsMessage('+37012345678', 'Hello World!');
+        $message = new SmsMessage('0037012345678', 'Hello World');
 
         $response = $this->createMock(ResponseInterface::class);
         $response->expects($this->atLeast(1))

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function unsupportedMessagesProvider(): iterable`
`52`	`52`	`*/`
`53`	`53`	`public function testTestMode(int $expected, bool $testMode)`
`54`	`54`	`{`
`55`		`- $message = new SmsMessage('+37012345678', 'Hello World!');`
	`55`	`+ $message = new SmsMessage('0037012345678', 'Hello World');`
`56`	`56`
`57`	`57`	`$response = $this->createMock(ResponseInterface::class);`
`58`	`58`	`$response->expects($this->atLeast(1))`