[SOLVED] Double equal removed by phplist

Hello,
I have a problem with links we make in phplist: when we send a test, phplist cuts “==” and breaks the link…
http://example.net/serv/e.redir?id_compt=1123&url=http://gdfggdf.gdf.net?t=ope123456==&v=8&c=[civility]&n=[last_name]&p=[first_name]&e=[email]

The double equal (==) after ope123456 is gone…
It’s the same for ?, phplist removes it too.
How can I set that?
Thank you for your answers.

@azertyker You should urlencode the url query parameter. Although what you have used will probably work in browsers, it is not going to work with software that has to analyse a url.

Hello Duncanc,
thx for your answers and particularly for all your work on phplist and plugins, that’s very very great work :smiley:
I use URL encoding but the problem is the same: phplist removes the signs and cuts some variables, like this one: %3Dope123456%3D%3D

@azertyker You are correct. I think that there are a few bugs in this area. If you disable click tracking then the urls should be passed through unchanged.

@azertyker I thought the problem sounded familiar, it was reported a few years ago but has not been addressed
https://mantis.phplist.org/view.php?id=17649

Hello All !
I up this post because we still have this issue… :frowning:

I will add another, when I add that URL: http://www.domain.net/click2.php?data=id123&redirect=http://domain2.net/?page=send&email=[EMAIL]&civ=[civility]

Phplist removes the part ‘page=send&’ from the original URL and finally provides this URL: http://www.domain.net/click2.php?data=id123&redirect=http://domain2.net/&email=user@domainuser.net&civ=Miss
The part page=send& is missing, so the partner website “displays a 404 error”.

Do you have a solution, please?

@duncanc ! where are you ? Come save us ! :stuck_out_tongue:

You can make this change to the function cleanUrl() in file admin/lib.php.
In release 3.3.4 it starts at line 1386.
Add these lines immediately after the opening ‘{’:

    function cleanUrl($url, $disallowed_params = array('PHPSESSID'))
    {
        // leave url alone unless it contains any of the disallowed parameters
        $pattern = sprintf('/(%s)=/', implode('|', $disallowed_params));

        if (!preg_match($pattern, $url)) {
            return $url;
        }
        $parsed = @parse_url($url);
        // ... the rest of the function is unchanged

This change should mean that your urls are not amended, but ensure to use url encoding on the parameters.


Hello Duncanc,
I will test that this night !
Again thx for all your work !

What can I say…
Good job Sir Duncanc.
I will remember it, promised !

Just one last question: what do you mean by “ensure to use url encoding on the parameters”? Which parameters?

How can I mark this topic as SOLVED?


When a parameter is another url then it needs to be url encoded, otherwise parameters in that url will be confused with parameters in the full url.

You appeared to understand this earlier: [SOLVED] Double equal removed by phplist - #3 by azertyker
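The following is an added example, not part of the original thread and not phplist code. It compares an unencoded nested URL with an encoded one, using PHP's own `parse_url()`, `parse_str()` and `http_build_query()`; the helper `queryParams()` and all URLs and values are constructed for illustration, modelled on the links in this thread.

```php
<?php
// Added example. All URLs and values are constructed, modelled on the thread.

// Hypothetical helper: the query parameters a receiving script would see.
function queryParams(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

$base = 'http://www.domain.net/click2.php';

// Unencoded: the inner URL is pasted straight into the redirect parameter,
// so its '&' and '=' are read as belonging to the outer query string.
$unencoded = $base . '?data=id123&redirect=http://domain2.net/?page=send&t=ope123456==&v=8';

// Encoded: build the inner URL first, then pass it as ONE value of the outer
// query. http_build_query() percent-encodes every value, so the token is
// encoded for the inner query and the whole inner URL is encoded again as
// the value of "redirect".
$inner = 'http://domain2.net/?' . http_build_query([
    'page' => 'send',
    't'    => 'ope123456==',
    'v'    => '8',
]);
$encoded = $base . '?' . http_build_query(['data' => 'id123', 'redirect' => $inner]);

foreach (['unencoded' => $unencoded, 'encoded' => $encoded] as $label => $link) {
    $outer  = queryParams($link);               // what click2.php receives
    $target = queryParams($outer['redirect']);  // what the redirect target receives

    echo "--- $label ---\n";
    echo "link:                  $link\n";
    echo 'outer parameter names: ' . implode(', ', array_keys($outer)) . "\n";
    echo 'redirect target:       ' . $outer['redirect'] . "\n";
    echo 'token at the target:   ' . ($target['t'] ?? '(missing)') . "\n\n";
}
```

Run it with `php` on the command line and compare the two blocks of output: in the unencoded case the inner parameters show up in the outer parameter list and the redirect target is cut at the first `&`.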

Ok ok, I know what you mean, just wanna be sure.
Again thx Duncanc and have a good night.
++

There is a problem with the code change when the url contains more than one parameter. Alter the return statement to be

    return strpos($url, '&') !== false ? htmlspecialchars_decode($url) : $url;

instead of

    return $url;

You should be able to edit your initial post but I have done that for you. :wink:


Oops, I didn’t find it :stuck_out_tongue:
thx !