Skip to content

Double encoding of URL query string when also passing parameters

This is quite closely related to #1 (closed), but I think it is distinct enough to warrant a separate issue.

If a HTTP\URL object is created with a query string in the base URL (extracted to $comps['query']) and then separate parameters are added to the object (e.g. $params is not empty), we extract the query parameters from $comps['query'] and merge them with $params in build_query_string() when __toString() is called.

When the base URL already contains URL-encoded characters of the form %## this behaviour causes a problem as these characters will be URL encoded twice. For example:

$url = new Kolombido\HTTP\URL('test.php?date=01%2F01%2F2019', ['extra'=>5]);
echo $url;

Prints test.php?date=01%252F01%252F2019&extra=5 where the percentage signs in the base URL query string have been encoded as %25.

I think there may be a few ways to try and resolve this:

  • Call urldecode() on each query parameter of $comps['query'] and re-encode it later.
  • Make all query parameters extracted from $comps['query'] instances of URLEncodedValue and trust that they were already encoded correctly.
  • Resolve #1 (closed) in favour of never parsing $comp['query'].

In my opinion using URLEncodedValue seems cleanest, but I don't have any particularly strong views in this direction.