There were changes made to the ad_return_url proc to deprecate the -urlencode flag. This change appears to have been made in August of 2021. We are just now upgrading our sites to include this code.
The proc states that the flag has been deprecated because the result is now encoded by default. The problem is that this is not quite the case. The path gets ns_urlencode(d) but the query list does not.
Is this by design or is it an omission? From my perspective, the entire url should be encoded, not just the path. I do not know that I have seen a path that needed to be encoded but certainly a url that is composed with several items in the query string needs to be encoded. This prevents those items being misinterpreted in a url containing the return_url as one of its query items.
Being that this was purposefully changed, I am not sure what the preferred fix would be: either reinstating the flag or calling ns_urlencode on the final constructed url at return time instead of just on the base_url.
I am happy to submit either one of these fixes if you can tell me which is preferred or if I am missing something altogether which supports the code as it currently is.
What is the best way to proceed?
Thanks,
-Tony Kirkham
