Have you ever wondered why drupal's destination parameter appears to be scrambled? At least jpetso has... ;) #192603: Use drupal_urlencode() instead of plain PHP urlencode()
The problem is that the destination parameter gets urlencoded two times, first off drupal_get_destination() does, then url() does and so drupal_goto() as well as l(). So if drupal_get_destination() is used together with drupal_goto() or together with l(), which is common usage, the urls get urlencoded twice.
Attached is a patch, which fixes the problem by changing drupal_get_destination() to not urlencode the destination. It's not documented whether drupal_get_destination() does urlencoding, but it's documented that it can be used together with drupal_goto(). So changing the urlencoding to fix the documented use case should be fine.
Note: This problem appears to apply to drupal 5, 6 and 7.
Patch for d7 attached.
| Comment | File | Size | Author |
|---|---|---|---|
| drupal_7_destination_double_url_encoded.patch | 791 bytes | fago |
Comments
Comment #1
fagofixing status
Comment #2
c960657 commentedWhat do you mean by “scrambled”? Could you give steps to reproduce the problem?
Comment #3
fagoTake a look at the links generated with a destination parameter, e.g. go to the "admin/content/node" page and click on edit for a node. You land at
/node/240/edit?destination=admin%2Fcontent%2Fnodewhere it should be/node/240/edit?destination=admin/content/node.Comment #4
fagoRelated issue: #310139: drupal_query_string_encode() should not call drupal_urlencode()
Comment #5
cburschkaI'm doubtful about the first change:
PHP decodes request parameters before making them available in $_REQUEST. What this code does is copy a decoded version of destination into a place that needs an encoded one.
The other change makes sense assuming that $path has already been encoded to take care of special characters.
Comment #6
tbm13 commentedI get a redirect to a bogus URL from the login button after enabling clean URLs, and it sounds like my issue is related to the one discussed here. Maybe someone can take a look at the issue I just reported: http://drupal.org/node/480726
Comment #7
c960657 commentedThis is no longer an issue in HEAD. drupal_get_destination() has been modified to use the new drupal_http_build_query() that does not encode slashes in the query string.