Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
We have a use case where the redirect URL has search terms delimited by a +. In it's current version, Login Redirect replaces that special character with a blank space. We need an option to add exceptions to that rule. It's currently being enforced by filter_xss, though.
1) User follows link https://mysite.com?q=good+stuff
2) Taken to Drupal login page at https://mysite.com/user/?referrer=https://mysite.com?q=good+stuff
3) Refering fails, user taken to a wrong page https://mysite.com/good%20stuff
Comment | File | Size | Author |
---|---|---|---|
#3 | login_redirect-charactersparsedtospaces-2552287-3-D7.patch | 592 bytes | japo32 |
Comments
Comment #2
japo32 CreditAttribution: japo32 commentedComment #3
japo32 CreditAttribution: japo32 at Catalyst IT commentedSo we found out that drupal_get_query_parameters() returned the character + in the query string as a space. Here's a patch with our (temporary) solution. We decided to override the function in one of our custom modules for now but the patch here is for the module.
Comment #4
jweowu CreditAttribution: jweowu commentedI suggest this issue be closed as "works as designed".
The value seen by this module comes from the
$_GET
array, which provides the URL-decoded values for the query parameters. A space in the value shows that the value was never URL-encoded for inclusion as a query parameter.If the value had been correctly encoded, you would see
%2B
being converted to+
, rather than+
being converted to a space.i.e. the problem lies in step (2) in which something else is generating the incorrect URL
https://mysite.com/user/?referrer=https://mysite.com?q=good+stuff
The correct URL would be
https://mysite.com/user/?referrer=https%3A%2F%2Fmysite.com%3Fq%3Dgood%2Bstuff