Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.10.0
-
None
-
Operating System: Linux, Debian etch
PHP Version: 4.4.4-8+etch4
Database and version: MySQL 5.0.32-Debian_7etch4-log
Browser (and version):All
Description
If you have an article name with special characters, for example the special norwegian letters æøå, these will appear in the articles URL. This URL will be encoded each time a redirection occurs.
The problem is that sometimes when SSLZones are enabled, redirection after for example /user/login happens twice. First time from https://user/login to https://articleurl. The second time from https://articleurl to http://articleurl
For each of these redirections eZHTTPTool::redirect( ... ) will be called. This function will again call $url = eZURI::encodeURL( $url );
Since encodeURL(...) is calles twice, all letters of the url will be encoded twice. This means thatfor example the letter ø will first be encoded to %C3%B8. The next time each % character will be encoded to %25 giving the resulting and invalid %25C3%25B8 encoding for the ø.
Steps to reproduce
Set up a site with SSLZones enabled for user login. Create an article with a special character in the title. Go to the article. Then try login in.