URL decoding of parameters must be done after the parsing

[LeSuisse]

trafficstars

Otherwise percent-encoded / are recognized as an URL separator which does not respect the section 2.4 of the RFC3986 [0]. This is an issue if you have an string URL parameter with a / character since the URL is decoded before the finding the route corresponding the request you will either not find the route or find a route that does not match with the request. The URL must be decoded only when setting the parameters.

[0] https://tools.ietf.org/html/rfc3986#section-2.4

When a URI is dereferenced, the components and subcomponents significant to the scheme-specific dereferencing process (if any) must be parsed and separated before the percent-encoded octets within those components can be safely decoded, as otherwise the data may be mistaken for component delimiters.