Contrib.social

Pathologic adds double-encoded query/fragment when `Url::fromUri()` receives query in both $path and $options

Open on Drupal.org →
Created on 26 June 2025, 2 months ago

Problem/Motivation

When rendering internal links that contain both a query string and a fragment identifier, Pathologic incorrectly encodes the URL by duplicating the query and fragment parts. For example, a stored URL like:




href="/node/84623?test=hello#anchor">Test




is transformed into:




/path/alias%3Ftest%3Dhello%23anchor?test=hello#anchor




This results in invalid URLs with broken behavior (e.g., anchor targeting fails and query parameters are corrupted), and leads to degraded UX and broken routing.

This issue seems to occur because Pathologic passes query and fragment data both embedded in the path string and again separately in the $options array to Url::fromUri(), which does not sanitize duplication.

Steps to reproduce

  1. Ensure Pathologic 2.x is installed and enabled for a text format used by a node field. I used it with Full HTML for the WYSIWYG Editor.
  2. Use that text format to save the following raw HTML into a node body or custom field:




    <p><a href="/node/{real-node-id}?params=test#anchor">TEST</a></p>



  3. View rendered node on the frontend
  4. Inspect the rendered <a> tag.








    5. <a href="/your-path-alias?test=hello#anchor">HELLO</a>









    <a href="/your-path-alias%3Ftest%3Dhello%23anchor?test=hello#anchor">HELLO</a>



Proposed resolution

Before passing $url_params['path'] into Url::fromUri(), strip out any embedded query string or fragment component by splitting on the first occurrence of ? or #:




$url_params['path'] = preg_split('/[?#]/', $url_params['path'], 2)[0];




This ensuresUrl::fromUri() receives the clean path separately from its query and fragment parts already correctly provided in $url_params['path'].

This change should be added just before $url_params['path'] is used to construct $path in _pathologic_replace().

Remaining tasks

  1. Add a functional test using pathologic_test to confirm output with both query string and fragment.

User interface changes

None

API changes

None

Data model changes

None

🐛 Bug report
Status

Downport

Version

2.0

Component

Code

Created by

willfrost

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024