From c42cff691a01e04b7c6c3be3f23c89e385941fb4 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Sun, 14 Jul 2024 11:14:37 +0000
Subject: [PATCH] Issue 14295: Store the return url as hex string

---
 src/Content/Text/HTML.php            | 2 +-
 src/Content/Widget/SavedSearches.php | 2 +-
 src/Module/Post/Tag/Remove.php       | 2 +-
 src/Module/Search/Saved.php          | 6 +++++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/Content/Text/HTML.php b/src/Content/Text/HTML.php
index 587c608de9..1a78036cbd 100644
--- a/src/Content/Text/HTML.php
+++ b/src/Content/Text/HTML.php
@@ -868,7 +868,7 @@ class HTML
 			'$save_label'   => $save_label,
 			'$search_hint'  => DI::l10n()->t('@name, !group, #tags, content'),
 			'$mode'         => $mode,
-			'$return_url'   => urlencode(Search::getSearchPath($s)),
+			'$return_url'   => bin2hex(Search::getSearchPath($s)),
 		];
 
 		if (!$aside) {
diff --git a/src/Content/Widget/SavedSearches.php b/src/Content/Widget/SavedSearches.php
index d0917e7cb6..6881b0449a 100644
--- a/src/Content/Widget/SavedSearches.php
+++ b/src/Content/Widget/SavedSearches.php
@@ -61,7 +61,7 @@ class SavedSearches
 			'$add'        => '',
 			'$searchbox'  => '',
 			'$saved'      => $saved,
-			'$return_url' => urlencode($return_url),
+			'$return_url' => bin2hex($return_url),
 		]);
 	}
 }
diff --git a/src/Module/Post/Tag/Remove.php b/src/Module/Post/Tag/Remove.php
index 9636cbba27..f021bad3f9 100644
--- a/src/Module/Post/Tag/Remove.php
+++ b/src/Module/Post/Tag/Remove.php
@@ -68,7 +68,7 @@ class Remove extends \Friendica\BaseModule
 
 	protected function content(array $request = []): string
 	{
-		$returnUrl = $request['return'] ?? '';
+		$returnUrl = hex2bin($request['return'] ?? '');
 
 		if (!$this->session->getLocalUserId()) {
 			$this->baseUrl->redirect($returnUrl);
diff --git a/src/Module/Search/Saved.php b/src/Module/Search/Saved.php
index bbe1757e46..9bef4d6ba5 100644
--- a/src/Module/Search/Saved.php
+++ b/src/Module/Search/Saved.php
@@ -48,7 +48,11 @@ class Saved extends BaseModule
 		$action = $this->args->get(2, 'none');
 		$search = trim(rawurldecode($_GET['term'] ?? ''));
 
-		$return_url = $_GET['return_url'] ?? Search::getSearchPath($search);
+		if (!empty($_GET['return_url'])) {
+			$return_url = hex2bin($_GET['return_url']);
+		} else {
+			$return_url = Search::getSearchPath($search);
+		}
 
 		if (DI::userSession()->getLocalUserId() && $search) {
 			switch ($action) {