Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#43452] - [5.4] Explicitly state our argument separator when calling http_build_query().

bug PR-5.4-dev Pending

User tests: Successful: Unsuccessful:

avatar coling
coling
9 May 2024

When the PHP arg_separator.input configuration option is not set to & (e.g. if it's set to &) then this will result in malformed encoded strings. Sometimes this is generally OK, but when using http_build_query() to format POST data (e.g. in the Http/Transport classes) this can result in malformed POSTs and failing APIs

This is easily seen in e.g. reCaptcha verification requests.

Summary of Changes

This is a long overdue rebase of #23616

Testing Instructions

Simply set arg_separator.input to & in php.ini and attempt to use reCaptcha

Actual result BEFORE applying this Pull Request

It will fail with a malformed request

Expected result AFTER applying this Pull Request

It will work.

avatar coling coling - open - 9 May 2024
avatar coling coling - change - 9 May 2024
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 9 May 2024
Category Administration com_associations Layout Libraries
avatar coling coling - change - 23 Sep 2024
Labels Added: PR-4.4-dev
avatar HLeithner
HLeithner - comment - 15 Nov 2024

This pull request has been automatically rebased to 5.2-dev.

avatar HLeithner HLeithner - change - 15 Nov 2024
Title
Explicitly state our argument separator when calling http_build_query().
[5.2] Explicitly state our argument separator when calling http_build_query().
avatar HLeithner HLeithner - edited - 15 Nov 2024
avatar coling coling - change - 15 Nov 2024
Labels Added: bug PR-5.2-dev
avatar HLeithner
HLeithner - comment - 15 Apr 2025

This pull request has been automatically rebased to 5.3-dev.

avatar HLeithner HLeithner - change - 15 Apr 2025
Title
[5.2] Explicitly state our argument separator when calling http_build_query().
[5.3] Explicitly state our argument separator when calling http_build_query().
avatar HLeithner HLeithner - edited - 15 Apr 2025
avatar HLeithner
HLeithner - comment - 15 Oct 2025

This pull request has been automatically rebased to 5.4-dev.

avatar richard67 richard67 - change - 2 Nov 2025
Title
[5.3] Explicitly state our argument separator when calling http_build_query().
[5.4] Explicitly state our argument separator when calling http_build_query().
avatar richard67 richard67 - edited - 2 Nov 2025
avatar richard67 richard67 - change - 2 Nov 2025
Labels Added: PR-5.4-dev
Removed: PR-4.4-dev PR-5.2-dev

Add a Comment

Login with GitHub to post a comment