We have a use case where the redirect URL has search terms delimited by a +. In it's current version, Login Redirect replaces that special character with a blank space. We need an option to add exceptions to that rule. It's currently being enforced by filter_xss, though.

1) User follows link https://mysite.com?q=good+stuff
2) Taken to Drupal login page at https://mysite.com/user/?referrer=https://mysite.com?q=good+stuff
3) Refering fails, user taken to a wrong page https://mysite.com/good%20stuff

CommentFileSizeAuthor
#3 login_redirect-charactersparsedtospaces-2552287-3-D7.patch592 bytesjapo32
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

japo32 created an issue. See original summary.

japo32’s picture

japo32 CreditAttribution: japo32 commented
Issue summary: View changes
japo32’s picture

japo32 CreditAttribution: japo32 at Catalyst IT commented
FileSize
login_redirect-charactersparsedtospaces-2552287-3-D7.patch592 bytes

So we found out that drupal_get_query_parameters() returned the character + in the query string as a space. Here's a patch with our (temporary) solution. We decided to override the function in one of our custom modules for now but the patch here is for the module.

jweowu’s picture

jweowu CreditAttribution: jweowu commented

I suggest this issue be closed as "works as designed".

The value seen by this module comes from the $_GET array, which provides the URL-decoded values for the query parameters. A space in the value shows that the value was never URL-encoded for inclusion as a query parameter.

If the value had been correctly encoded, you would see %2B being converted to +, rather than + being converted to a space.

i.e. the problem lies in step (2) in which something else is generating the incorrect URL https://mysite.com/user/?referrer=https://mysite.com?q=good+stuff

The correct URL would be https://mysite.com/user/?referrer=https%3A%2F%2Fmysite.com%3Fq%3Dgood%2Bstuff