
Fixes `Mage_Core_Helper_Url::removeRequestParam()` for `___SID`/`SID`

Open sreichel opened this issue 1 year ago • 3 comments

Description (*)

`Mage_Core_Helper_Url::removeRequestParam()` uses `preg_replace` or `str_replace`, which can lead to malformed URLs for partial matches.

Fixed Issues (if relevant)

  1. Fixes OpenMage/magento-lts#4294

Manual testing scenarios (*)

```php
$url = 'https://example.com?___SID=S&SID=S&foo=bar&boo=baz';
Mage::helper('core/url')->removeRequestParam(
    $url,
    Mage::getSingleton('core/session')->getSessionIdQueryParam()
);
```

`getSessionIdQueryParam()` returns `SID`, which should be removed.

Expected

https://example.com?___SID=S&foo=bar&boo=baz

Current

https://example.com?___foo=bar&boo=baz

sreichel avatar Oct 19 '24 06:10 sreichel

@Hanmac - is this PR solving your issue? I tested and it works.

addison74 avatar Oct 19 '24 12:10 addison74

Maybe return early if the URL doesn't have '?'

Hanmac avatar Oct 20 '24 07:10 Hanmac

Yep. Updated.

sreichel avatar Oct 20 '24 07:10 sreichel
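
An added example, not OpenMage's code or this PR's patch: it contrasts an unanchored pattern, which reproduces the "Current" output from the description, with removal that matches whole parameter names and returns early when the URL has no `?`. The function names `naiveRemoveParam` and `removeParamExact` are hypothetical.

```php
<?php
// Hypothetical naive removal: the pattern is not anchored on a parameter
// boundary, so it also matches the tail of "___SID". Not OpenMage's code.
function naiveRemoveParam(string $url, string $name): string
{
    $pattern = '/' . preg_quote($name, '/') . '=[^&#]*&?/';
    return preg_replace($pattern, '', $url) ?? $url;
}

// Boundary-aware removal: split the query into pairs, drop exact key matches.
function removeParamExact(string $url, string $name): string
{
    // Set the fragment aside so "#..." is never treated as part of the query.
    $hashPos = strpos($url, '#');
    $fragment = $hashPos === false ? '' : substr($url, $hashPos);
    $head = $hashPos === false ? $url : substr($url, 0, $hashPos);

    $queryStart = strpos($head, '?');
    if ($queryStart === false) {
        return $url; // early return: nothing to remove without a query string
    }
    $base = substr($head, 0, $queryStart);
    $kept = [];
    foreach (explode('&', substr($head, $queryStart + 1)) as $pair) {
        if ($pair === '') {
            continue;
        }
        $key = rawurldecode(explode('=', $pair, 2)[0]);
        if ($key !== $name) {
            $kept[] = $pair; // keep the pair byte-for-byte, no re-encoding
        }
    }
    return $base . ($kept ? '?' . implode('&', $kept) : '') . $fragment;
}

// First URL is the one from the PR description; the rest are constructed.
$samples = [
    'https://example.com?___SID=S&SID=S&foo=bar&boo=baz',
    'https://example.com/page?foo=bar&SID=S#top',
    'https://example.com/page?SID=S',
    'https://example.com/page',
];
foreach ($samples as $url) {
    echo 'naive: ', naiveRemoveParam($url, 'SID'), PHP_EOL;
    echo 'exact: ', removeParamExact($url, 'SID'), PHP_EOL;
}
```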