View Issue Details

IDProjectCategoryView StatusLast Update
0016584phplist applicationStatisticspublic13-06-13 22:27
Reporterbzdzb 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Platformx86_64OSUbuntu LinuxOS Version10.04
Product Version2.10.17 
Target Version2.11.11Fixed in Version2.11.11 
Summary0016584: Tracking replacing period in URL param name with underscore
DescriptionThe click tracking system is replacing a period (.) with an underscore (_) in my url parameter. This seems to be the same or similar problem as referenced here: http://forums.phplist.com/viewtopic.php?f=24&t=35769&p=84356

I.e.:
http://www.example.com/path/example.html?WT.mc_id=xyz
is getting turned into
http://www.example.com/path/example.html?WT_mc_id=xyz

I tested print_r(parse_url("http://www.example.com/path/example.html?WT.mc_id=xyz")) and it properly generates the following.
Array ( [scheme] => http [host] => www.example.com [path] => /path/example.html [query] => WT.mc_id=xyz )

There seems to be a bug in the URL parsing code for the click tracking, but I haven't been able to track it down yet.
Steps To ReproduceSend email with click tracking enabled that contains a link with a '.' character in the URL argument name.
TagsNo tags attached.

Relationships

related to 0008980 resolveduser1822 Link Conversion for Click Tracking 
has duplicate 0015239 resolvedmichiel Links are not getting re-written correctly (mangled actually). 

Activities

bzdzb

03-04-12 22:55

reporter   ~0051539

Problem lies with parse_str incorrectly converting certain characters to underscores(_). Patch pending.

michiel

04-04-12 12:22

manager   ~0051540

yes, the problem is in PHP, which makes it tricky. When the URL is parsed into it's components, PHP for security, doesn't allow a "." in the variable element and makes it an underscore. So, the only way is to write our own parse_url function that doesn't do that.

bzdzb

04-04-12 17:37

reporter  

parse_str_punctuation_issue.patch (538 bytes)
--- a/admin/lib.php
+++ b/admin/lib.php
@@ -695,7 +695,8 @@ function cleanUrl($url,$disallowed_params = array('PHPSESSID')) {
       $params[$key] = $val;
     }
   } else {
-    parse_str($parsed['query'],$params);
+      list($key,$val) = explode('=',$parsed['query']);
+      $params[$key] = $val;
   }
   $uri = !empty($parsed['scheme']) ? $parsed['scheme'].':'.((strtolower($parsed['scheme']) == 'mailto') ? '':'//'): '';
   $uri .= !empty($parsed['user']) ? $parsed['user'].(!empty($parsed['pass'])? ':'.$parsed['pass']:'').'@':'';

bzdzb

04-04-12 17:38

reporter   ~0051541

I noticed that in the multi-argument case parse_str had already been replaced by an appropriate replacement. The issues was only in the else case where there is only one parameter in the query string. Updated, tested and submitted patch.

rk00bugreport

26-10-12 20:57

reporter   ~0051793

The patch seems to break the uid parameter in unsubscribe, preferences, send-to-friend links in the footer.