Affects Version/s: 3.10.0
Fix Version/s: Customer request
Component/s: Users and Access control
Operating System: Linux, Debian etch
PHP Version: 4.4.4-8+etch4
Database and version: MySQL 5.0.32-Debian_7etch4-log
Browser (and version): All
If you have an article name with special characters, for example the special Norwegian letters æøå, these will appear in the article's URL. This URL will be encoded each time a redirection occurs.
The problem is that sometimes, when SSLZones are enabled, redirection after for example /user/login happens twice. The first time from https://user/login to https://articleurl. The second time from https://articleurl to http://articleurl.
For each of these redirections eZHTTPTool::redirect( ... ) will be called. This function will in turn call $url = eZURI::encodeURL( $url );
Since encodeURL(...) is called twice, all letters of the URL will be encoded twice. This means that, for example, the letter ø will first be encoded to %C3%B8. The next time, each % character will be encoded to %25, giving the resulting and invalid %25C3%25B8 encoding for the ø.
Set up a site with SSLZones enabled for user login. Create an article with a special character in the title. Go to the article. Then try logging in.
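The double encoding described above, reproduced over two redirect hops next to an encoder that is safe to apply repeatedly. This is an added example written for current PHP, not eZ Publish code: `encodePath()`, `encodePathOnce()`, `looksDoubleEncoded()` and the article path are hypothetical, and `encodePath()` is only assumed to behave like the encoder in the report (it escapes `%` as well).

```php
<?php
// Added illustration, not eZ Publish code. encodePath() is a hypothetical
// stand-in for an encoder that, like the one described, escapes '%' too.
function encodePath(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

// Hypothetical idempotent variant: existing %XX escapes pass through untouched,
// every other byte outside the RFC 3986 unreserved set is escaped.
function encodePathOnce(string $path): string
{
    $encodeSegment = function (string $segment): string {
        return preg_replace_callback(
            '/%[0-9A-Fa-f]{2}|[^A-Za-z0-9._~-]/',
            function (array $m): string {
                // A 3-byte match can only be an existing escape; keep it.
                return strlen($m[0]) === 3 ? $m[0] : rawurlencode($m[0]);
            },
            $segment
        );
    };
    return implode('/', array_map($encodeSegment, explode('/', $path)));
}

// True when a URL carries the signature of double encoding: an escaped '%'
// (%25) followed by two hex digits, as in %25C3%25B8.
function looksDoubleEncoded(string $url): bool
{
    return preg_match('/%25[0-9A-Fa-f]{2}/', $url) === 1;
}

// Constructed article path containing "ø" as UTF-8 bytes C3 B8.
$path = "/artikler/r\xC3\xB8d-gr\xC3\xB8t";

// Two redirect hops (https login -> https article -> http article),
// each one encoding the target again.
$naive = encodePath(encodePath($path));
$fixed = encodePathOnce(encodePathOnce($path));

printf("naive : %s (double encoded: %s)\n", $naive, looksDoubleEncoded($naive) ? 'yes' : 'no');
printf("fixed : %s (double encoded: %s)\n", $fixed, looksDoubleEncoded($fixed) ? 'yes' : 'no');
```

An idempotent encoder cannot tell a literal `%C3` typed into a title from an existing escape, so encoding exactly once, at the point where the final `Location` value is written, avoids that ambiguity. The `looksDoubleEncoded()` pattern can also be run over redirect targets in access logs to find affected URLs.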