- 🇺🇸United States smustgrave
Self review
All that was added was the tests. That was my mistake and one of my first issues.
It seems until a route access checker gets called, a new Request gets created several times based on the raw path and because of that, special characters from query parameters get lost. So if you have an access checker that checks access based on a value of a query parameter that may contain special characters (ex.: a hash) then the access checker can return false-positive results. This probably happens because special characters in query params have not been URL encoded.
Callstack:
Probably everywhere where new Request gets created from a raw path, the path should be exploded to parts and we should warrant that all query parameters get URL decoded before the new Request object is created. Ex.: \Drupal\Core\Url::toUriString()
Determine solution
Needs work
10.1 ✨
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Self review
All that was added was the tests. That was my mistake and one of my first issues.