I have previously made a post related to this problem, but since then I've discovered the full effects it had, and the fix I made revealed another bug elsewhere. My original post can be found at http://drupal.org/node/104688, however that post is now obsolete.

The original problem I discovered was that when clean URLs are enabled, Drupal writes URLs incorrectly when the URL contains an argument. I noticed this first in the pager where the links would not work, but later I found more examples in the administration pages. In these cases, another bug was revealed by my original fix: the destination argument was corrupted.

To illustrate the problem, here is a bad URL as generated bu Drupal:

"http://www.mysite.com/admin/taxonomy/edit/term/4?destination=admin%2Ftax..."

The correct URL is this:

"http://www.mysite.com/admin/taxonomy/edit/term/4&destination=admin/taxon..."

There are two bugs present here. First, the usage of the '?' symbol is wrong, it should be '&' instead. Note that while '?' should be used with the first argument, it is in fact the second here, because we're using clean URLs. The default rewrite rule used to enable clean URLs is to add "index.php?q=" in front of everything, and that is where the first argument comes from.

The second problem became apparent only after I fixed the first. Because the first bug prevented the second argument from working at all, the destination argument in the above example was ignored. After the fix it was no longer ignored and turned out to be corrupted. For some reason, the urlencode function is used to format the destination path, which corrupts it by replacing the '/' symbols with junk. Without either fix the destinations did not work at all and were silently ignored.

There are two fixes that need to be made, both of them in the includes/common.inc file.

For the first bug, line number 1033 of that file reads

return $base . $path . '?' . $query . $fragment

when it should be

return $base . $path . '&' . $query . $fragment

For the second bug, lines number 211 and 220 read

return 'destination='. urlencode($_REQUEST['destination']);
return 'destination='. urlencode($path);

when they should be

return 'destination='. $_REQUEST['destination'];
return 'destination='. $path;

I'm not aware of these fixes breaking anything else: I know that they allow the pager links and destination paths to work correctly, which they do not without the fixes. Also note about the first fix that it only concerns cases where there actually are more arguments than one: the front page, where there is no q argument, is handled separately and '?' is used correctly in that case.

CommentFileSizeAuthor
#3 common_main.patch950 bytesmantyla
#2 common_475.patch956 bytesmantyla

Comments

killes@www.drop.org’s picture

killes@www.drop.org commented
Status: Needs review » Active

no patch attached.

I believe this is already fixed in 4.7-CVS.

mantyla’s picture

mantyla commented
Version: 4.7.4 » 4.7.5
Status: Active » Needs review
StatusFileSize
new common_475.patch956 bytes

As I made my first post I was yet unaware of the CVS system used here, and I thought describing the problem in the post itself would suffice. I stand corrected in that respect. However, the problem still remains unfixed. There was indeed a change to one of the functions I made changes to, but it fixed a different problem.

This time I have included patch files: one for the MAIN branch and another for the DRUPAL-4-7 branch. Both contain the exact same fixes which I explained above. One further note though: I know that the urlencode function does not exactly corrupt the paths, and that it is possible to configure Apache to accept %2F for the '/' symbol. However, I fail to see any point in using urlencode here, as it only requires you to enable one extra option for no gain. The first bug is just that, as it completely disables second arguments from working when clean URLs are enabled.

Anyway, I hope to see the patches working their way to the next Drupal release, as I wouldn't want to edit the code myself for the third time (I just did so in 4.7.5).

mantyla’s picture

mantyla commented
StatusFileSize
new common_main.patch950 bytes

Here is the second patch file, for the MAIN branch.

gerhard killesreiter’s picture

gerhard killesreiter commented
Version: 4.7.5 » 5.x-dev

moving to HEAD.

drumm’s picture

drumm
he/him
Location NY, US
commented
Version: 5.x-dev » 6.x-dev
Status: Needs review » Closed (won't fix)

These two changes should be included in separate issues, but I don't think either is valid. These basic functions are in use on plenty of sites without a problem, maybe there is an issue with your specific web server configuration.

First, the first url argument should publicly be prepended with '?' and not '&'. Other pieces of software may be parsing the urls, so we should stick to the standards. If this doubles up internally with mod_rewrite, then mod_rewrite should fix it in the same place.

I tested both the second and first issues and could not reproduce any of the problems.

mantyla’s picture

mantyla commented
Status: Closed (won't fix) » Closed (fixed)

It turned out that the error was with my RewriteRule, and not with the the core function at all. See here: http://drupal.org/node/104688.

I still don't see the point of urlencoding destinations, but with the RewriteRule fixed, that ceased to be an issue as well.