Defect #154
SimplePie 1.2 does not parse escaped ampersands in URL correctly.
| Status: | Unconfirmed | Start: | 2009-10-21 | |
| Priority: | High | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Affected Version: | 1.2 |
PHP Version: | 5.2.10 |
|
| mbstring enabled: | No |
iconv enabled: | No |
|
| cURL enabled: | No |
zlib enabled: | No |
|
Description
I tried to parse the following feed with SimplePie: http://www.publicbroadcasting.net/mpr/.eventsfeed?cat=Rock%2C%20Roots%2C%20%26%20Other&start=10122009&end=12312010
Note the %26--the encoding of the ampersand. However, once the URL has been run through Simple_IRI's filtering, the %26 is converted to an ampersand, which means that the URL will be misinterpreted when trying to retrieve the feed's contents.
The problem is in SimpleIRI::replace_invalid_with_pct_encoding(), which checks each percent-encoded character against the list of allowable characters. If the character is allowed, it decodes the character and puts it in the URL. Since an ampersand is allowable in the URL, the function decodes 26 into "x%x". Honestly, I'm not quite sure why this decoding is necessary--the URL will work just fine with percent-encoded characters.
Using Build 20090627192103