Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
The upstream UrlGenerator provides a list of special characters to decode. We only care about '%2F' => '/'.
But UrlGenerator only applies this decoding to the path of the URL, not to any of the querystring values.
For example, if you wanted to generate admin/config?destination=admin/content
, in HEAD you couldn't by using route names, it would come out as admin/config?destination=admin%2Fcontent
, with the second / encoded.
Proposed resolution
Find a way to work around the upstream code
Also open an upstream issue
Remaining tasks
User interface changes
API changes
Comment | File | Size | Author |
---|---|---|---|
#17 | 2345725-query-url-17.patch | 1.88 KB | tim.plunkett |
Comments
Comment #1
tim.plunkettSymfony's docs explicitly say that the decodedChars is for "the path segment of the generated URL", not the query string.
So I'm not sure if we should push this upstream. If so, it can be done in doGenerate().
But since that generation is not in a dedicated method, we have to do it after the URL is generated.
In order to add a new test case it took some refactoring of the existing test methods, so I've attached a do-not-test patch with just my changes after the refactoring.
Comment #2
tim.plunkettComment #3
dawehnerSo why the fuck is nobody able to open up an issue against symfony?
Comment #4
dawehnerCan we ensure to use explode(' ..., 2) as always?
Comment #5
tim.plunkettWe cannot push this upstream as-is. We'd need to have a second property like $decodedChars that is specifically for query params, otherwise it'd be a Symfony BC break.
Here's the fix for our code.
Comment #6
Crell CreditAttribution: Crell commentedIf I understand the upstream issue correctly:
- doGenerate() does too much in one method, so we can't easily override just part of it to do this.
- It's unclear if Symfony would consider escaping additional characters in the query parameters to be an API break. (I wouldn't consider it one but Symfony has a tighter BC policy than Drupal at the moment.)
- This is mostly a cosmetic issue, making query parameters actually readable by humans. It shouldn't impact the actual executability of code.
That means our options are:
1) Just do it ourselves post-generate (aka, #5. Easy but a but fugly.)
2) Refactor doGenerate() upstream so that we can override just a bit of it to do whatever escaping we need. (ie, break it into a series of methods; that should be entirely safe from a BC perspective.)
3) Modify doGenerate() upstream to also escape query parameters, if Symfony permits.
I think it's best on this one to defer to upstream. I've pinged fabpot and lsmith for their recommendation on how to proceed.
Comment #7
Fabianx CreditAttribution: Fabianx commentedIs there a link to an upstream issue?
Comment #8
dawehnerWell, as always, just a few people actually try to fill these upstream issues: https://github.com/symfony/symfony/issues/12200
Comment #9
dawehner@tim.plunkett
As someone mentioned on the symfony issue, we cannot escape most of the characters but can only do
'?'
and'/'
which is already enough for our cases.For example
'['
and']'
introduces regressions of arrays in query arguments.Comment #10
martin107 CreditAttribution: martin107 commentedComment #11
dawehnerLet's mark i actually as postponed on the symfony issue.
Comment #12
catchhttps://github.com/symfony/symfony/issues/12200 got merged - anything needed here other than a Symfony update now?
Comment #13
dawehner@catch
This just got merged into master, so it will be available once 2.6 is released which will be quite time soon. I think its not worth to go to master
just because of that.
Comment #14
catchOK I opened #2366043: Upgrade to Symfony 2.6.0-beta1, let's mark this postponed - if there's a good reason to patch or go to master prior to 2.6, we can re-open for that.
Comment #15
BerdirThat update was committed, so back to needs work?
Comment #16
catchI think it's just a case of committing the tests here now.
Comment #17
tim.plunkettHere's just the test. I can confirm this fails if you comment out the upstream fix to UrlGenerator.
Comment #18
Crell CreditAttribution: Crell commentedAssuming it passes...
Comment #19
dawehner+1
Comment #20
alexpottChanged category and priority to reflect what the patch is actually doing. This issue is a prioritized change (adding tests) as per https://www.drupal.org/core/beta-changes and it's benefits outweigh any disruption. Committed fd63394 and pushed to 8.0.x. Thanks!