cflocation sometimes encodes the fragment portion of the url

Description

Running cflocation with a URL that contains a fragment usually works great! Example:

<cflocation url="https://lucee.org/##!/foo" addtoken="no"> <!--- expected result: https://lucee.org/#!/foo ---> <!--- actual result: https://lucee.org/#!/foo --->

However, if any query string is present in the URL, then the fragment portion is encoded. Example:

<cflocation url="https://lucee.org/?a=1##!/foo" addtoken="no"> <!--- expected result: https://lucee.org/?a=1#!/foo ---> <!--- actual result: https://lucee.org/?a=1#%21%2Ffoo --->

I don't believe that the fragment portion of a URL should ever be encoded, and it should certainly be consistent whether or not a query string is present.

Reviewing the code, this seems to be culprit: https://github.com/lucee/Lucee/blob/master/core/src/main/java/lucee/commons/net/HTTPUtil.java#L511. Is that intentionally getting encoded? That seems problematic. The change in behavior based on the presence of a query string appears to be from an early return in that function: https://github.com/lucee/Lucee/blob/master/core/src/main/java/lucee/commons/net/HTTPUtil.java#L472

Environment

None

Activity

Michael Offner 
12 February 2024 at 11:13

In my opinion this is already solved by https://luceeserver.atlassian.net/browse/LDEV-2770 , if you disagree, please reopen the ticket and assign it to me.

Pothys - MitrahSoft 
17 March 2020 at 13:21

I've checked this ticket & confirmed the issue happened on the latest version of lucee also.
And added a fix for this issue.

Pull request: https://github.com/lucee/Lucee/pull/878

Unresolved

Details

Assignee

Reporter

Priority

Labels

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

Created 13 March 2020 at 21:39
Updated 12 February 2024 at 11:13