RouteNormalizer: handling of numeric query params

Created on 28 April 2022, over 2 years ago
Updated 8 February 2024, 11 months ago

Problem/Motivation

I noticed that using numeric query parameters leads to an endless redirect loop until it throws a 414 Request-URI Too Large.

Steps to reproduce

Try any valid path and simply add a numeric query parameter. Doesn't matter if the parameter has a value or not. Something like this:
https://www.domain.com/admin?0=
Inspecting the network reveals an endless redirect, incrementing the same numeric query param until the max length of the URI is reached.

Proposed resolution

I figured the culprit is the array_merge() in \Drupal\redirect\EventSubscriber\RouteNormalizerRequestSubscriber::onKernelRequestRedirect where it adds dynamically added parameters back to the query parts array:

// Dynamically added parameters will be missing from the server query
// string. Add those back to the query parts array.
if ($request->query->count()) {
  $query_parts = array_merge($query_parts, $request->query->all());
}

Definition of PHP's array_merge() - taken from here https://www.php.net/manual/en/function.array-merge.php:
Values in the input arrays with numeric keys will be renumbered with incrementing keys starting from zero in the result array.

If we wanted to append array elements from the second array to the first array while not overwriting the elements from the first array and not re-indexing, we should use the + array union operator:

$query_parts = $request->query->all() + $query_parts;

Now, not sure if that change would be reasonable at all (or whether numeric query params could be parsed as string), hence my call to the community what you guys think of it.

🐛 Bug report
Status

Active

Version

9.5

Component
Request processing 

Last updated 7 days ago

No maintainer
Created by

🇨🇭Switzerland sitiveni
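
The renumbering described in the report can be reproduced outside Drupal. The following is an added example, not code from the redirect module or from the issue author; it assumes both arrays start from the same parsed query string and that a redirect is issued whenever the rebuilt query differs from the incoming one. The function names are hypothetical.

```php
<?php
// Added illustration, not the redirect module's code. Assumption: the
// normalizer redirects whenever the rebuilt query differs from the incoming one.

// Rebuild a query string the way the quoted snippet does, with array_merge().
function rebuild_with_merge(string $query_string): string {
  parse_str($query_string, $query_parts);
  parse_str($query_string, $request_query); // stands in for $request->query->all()
  // Integer-like keys are renumbered and appended instead of overwritten.
  return http_build_query(array_merge($query_parts, $request_query));
}

// Rebuild it with the array union operator proposed in the issue.
function rebuild_with_union(string $query_string): string {
  parse_str($query_string, $query_parts);
  parse_str($query_string, $request_query);
  // Keys are preserved; the left operand wins on duplicates.
  return http_build_query($request_query + $query_parts);
}

// Follow the modelled redirects until the query is stable or the hop limit hits.
function follow_redirects(callable $rebuild, string $query_string, int $max_hops = 4): array {
  $hops = [$query_string];
  for ($i = 0; $i < $max_hops; $i++) {
    $next = $rebuild($query_string);
    if ($next === $query_string) {
      break; // nothing changed, so no further redirect
    }
    $hops[] = $query_string = $next;
  }
  return $hops;
}

// Constructed sample inputs: a string key, a numeric key, and a mix of both.
foreach (['page=2', '0=', 'page=2&0='] as $query) {
  foreach (['rebuild_with_merge', 'rebuild_with_union'] as $rebuild) {
    $hops = follow_redirects($rebuild, $query);
    printf("%-18s ?%-10s %d redirect(s), final length %d\n",
      $rebuild, $query, count($hops) - 1, strlen(end($hops)));
  }
}
```

Under this model the string-keyed query is stable with either operator, while any query containing a numeric key keeps growing under array_merge() until the hop limit stops it.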


Comments & Activities


  • I have a problem similar to this one in Drupal 10. It happens if you add a parameter with a numeric key in a view with a full pager,
    e.g.:
    https://www.domain.com/my-view?0=

    and then you start to use the pager to change the current page: you will see that the URL fills with a lot of numbers exponentially.
    I think that is messing with my site's SEO because the spiders start navigating the site and spending a lot of resources on those useless URLs.
