Default URL redirect adds spurious '?'

Bug #1041514 reported by pinterface on 2012-08-25
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Libravatar
Low
Unassigned

Bug Description

If one uses a default URL such as <http://example.org/?query=argument>--meaning one requests an avatar using a form such as:
  http://cdn.libravatar.org/avatar/...?d=http%3A//example.org/%3Fquery%3Dargument

Then, assuming the hash does not exist, one gets redirected to:
  http://example.org/?query=argument%3F

Which is not the specified page, due to a spurious escaped '?' at the end of the URL.

I strongly suspect this is caused by the '?' at the end of '${url_decode:%1}?' in following RewriteRule in config/cdn-common.apache2.conf:

    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=([^&]+)(?:&.*)?$
    RewriteCond %1 !^(retro|identicon|monsterid|wavatar|mm|404)$
    RewriteRule ^/avatar/ ${url_decode:%1}? [last,redirect=302,env=longexpiry:1]

Presumably the goal of that trailing '?' is to avoid mod_rewrite's query-string-passthrough thang. Alas, there is no "use this URL exactly as I gave it" flag!

Possibly fixable (regrettably, untested) with something like the following RewriteRule preceding the aforementioned rule:

    # Detect query parameters in the default URL and redirect specially
    RewriteCond %{QUERY_STRING} ^(?:.*&)?d(?:efault)?=((?:[%]3[Ff]|[^&])+)(?:&.*)?$
    RewriteCond %1 !^(retro|identicon|monsterid|wavatar|mm|404)$
    RewriteRule ^/avatar/ ${url_decode:%1} [last,redirect=302,env=longexpiry:1]

(That is, specially note an escaped question mark and avoid appending an additional one.)

But perhaps it's far enough outside of the expected use case as to not even be worth fixing. I'll leave that to you. :)

François Marier (fmarier) wrote :

That seems like something that should be working.

Setting a low priority mainly because it's pretty hard to get these regexps right and it requires a lot of testing.

Changed in libravatar:
status: New → Triaged
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers