diff --git a/src/Symfony/Component/HttpFoundation/HeaderUtils.php b/src/Symfony/Component/HttpFoundation/HeaderUtils.php index 6421b1121ca33..98868509058c8 100644 --- a/src/Symfony/Component/HttpFoundation/HeaderUtils.php +++ b/src/Symfony/Component/HttpFoundation/HeaderUtils.php @@ -228,7 +228,7 @@ public static function parseQuery(string $query, bool $ignoreBrackets = false, s if (false === $i = strpos($k, '[')) { $q[] = bin2hex($k).$v; } else { - $q[] = substr_replace($k, bin2hex(substr($k, 0, $i)), 0, $i).$v; + $q[] = bin2hex(substr($k, 0, $i)).rawurlencode(substr($k, $i)).$v; } } diff --git a/src/Symfony/Component/HttpFoundation/Tests/HeaderUtilsTest.php b/src/Symfony/Component/HttpFoundation/Tests/HeaderUtilsTest.php index b8ad4dfd0a24a..6d7df8b3b3bc2 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/HeaderUtilsTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/HeaderUtilsTest.php @@ -151,6 +151,7 @@ public function provideParseQuery() ['a[b]=c', 'a%5Bb%5D=c'], ['a[b][c.d]=c', 'a%5Bb%5D%5Bc.d%5D=c'], ['a%5Bb%5D=c'], + ['f[%2525][%26][%3D][p.c]=d', 'f%5B%2525%5D%5B%26%5D%5B%3D%5D%5Bp.c%5D=d'], ]; }