If you have an article name with special characters, for example the special norwegian letters æøå, these will appear in the articles URL. This URL will be encoded each time a redirection occurs.

The problem is that sometimes when SSLZones are enabled, redirection after for example /user/login happens twice. First time from https://user/login to https://articleurl. The second time from https://articleurl to http://articleurl

For each of these redirections eZHTTPTool::redirect( ... ) will be called. This function will again call $url = eZURI::encodeURL( $url );

Since encodeURL(...) is calles twice, all letters of the url will be encoded twice. This means thatfor example the letter ø will first be encoded to %C3%B8. The next time each % character will be encoded to %25 giving the resulting and invalid %25C3%25B8 encoding for the ø.

Steps to reproduce

Set up a site with SSLZones enabled for user login. Create an article with a special character in the title. Go to the article. Then try login in.