Mautic: Trackable redirect incorrectly parses the end of the URL in a plain text version
Please DO NOT report security vulnerabilities here. Send them to [email protected] instead.
What type of report is this:
| Q | A
| ---| ---
| Bug report? | Y
| Feature request? |
| Enhancement? |
Description:
This issue was introduced after updating to 2.14.0 (and probably after merging https://github.com/mautic/mautic/pull/6260).
After clicking on "Auto Generate" to create a plaintext version of email the links are shown in square brackets. After sending this email, the right square bracket is not removed from the URL, thereby creating an incorrect page redirect (you can see it in the database in table page_redirects, column url).
If a bug:
| Q | A
| --- | ---
| Mautic version | 2.14.0
| PHP version | 7.1.18
Steps to reproduce:
- Create a new segment email
- In the builder, add any URL that does not navigate to the homepage, and after the domain name there is at least one slash (
https://example.org/page). - Click the "Auto Generate" button to create a plaintext version of the email.
- Send this email.
Or use this plain text sample
Sample plain text email
This email contains URL with the square brackets [https://example.org/with/square/brackets]
also the square brackets with a slash and a comma [https://example.org/square/brackets/with/slash/and/comma/],
or parentheses (https://example.org/with/parentheses)
even with just a comma: https://example.org/with/comma,
or with a dot: https://example.org/with/dot.
Expected result
- https://example.org/with/square/brackets
- https://example.org/square/brackets/with/slash/and/comma/
- https://example.org/with/parentheses
- https://example.org/with/comma
- https://example.org/with/dot
Actual result
- https://example.org/with/square/brackets]
- https://example.org/square/brackets/with/slash/and/comma/],
- https://example.org/with/parentheses)
- https://example.org/with/comma,
- https://example.org/with/dot.
Personally for myself, I fixed it this way
In this regex
https://github.com/mautic/mautic/blob/0927aef5b0e54b5036088f11e42642b99731cf24/app/bundles/CoreBundle/Helper/UrlHelper.php#L169
Changed this
... ?(?:/[^\s]*)?_ius';
To this
... ?(?:/[^\s\]\)\.,;]*)?_ius';
Log errors:
_Please check for related errors in the latest log file in [mautic root]/app/log/ and/or the web server's logs and post them here. Be sure to remove sensitive information if applicable._
StudioMaX
All 4 comments
@alanhartless what do you think of this please?
npracht
on 21 Aug 2018
My thoughts are to have someone PR the change then have people test it. Add unit tests with different plain text pay loads and the different URLs to ensure they pass in any scenario we can think of.
alanhartless
on 21 Aug 2018
Thanks @alanhartless let me check if we can handle that.
npracht
on 21 Aug 2018
Hi @StudioMaX & @alanhartless feel free to test and review #6474 :)
npracht
on 22 Aug 2018
Related issues
RCheesley
路
3Comments
jonathands
路
3Comments
morettic2015
路
3Comments
iqbalali
路
4Comments
matishaladiwala
路
4Comments