From 5655ecb9d3cec53fdd7494f604effba20fc5997f Mon Sep 17 00:00:00 2001
From: Aaron Piotrowski <aaron@trowski.com>
Date: Wed, 3 Jul 2024 18:35:04 -0500
Subject: [PATCH] Do not decode %2F in path

---
 src/Router.php      | 4 +++-
 test/RouterTest.php | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Router.php b/src/Router.php
index b60409f..f5aca1f 100644
--- a/src/Router.php
+++ b/src/Router.php
@@ -74,7 +74,9 @@ public function handleRequest(Request $request): Response
         }
 
         $method = $request->getMethod();
-        $path = \rawurldecode($request->getUri()->getPath());
+
+        $path = \str_ireplace('%2F', '%252F', $request->getUri()->getPath());
+        $path = \rawurldecode($path);
 
         $toMatch = "{$method}\0{$path}";
 
diff --git a/test/RouterTest.php b/test/RouterTest.php
index 0fd7b8d..26b2142 100644
--- a/test/RouterTest.php
+++ b/test/RouterTest.php
@@ -214,11 +214,11 @@ public function testPathIsMatchedDecoded(): void
         });
 
         $router = new Router($this->server, $this->testLogger, $this->errorHandler);
-        $router->addRoute("GET", "/fo+ö", $requestHandler);
+        $router->addRoute("GET", "/fo+%2Fö bar", $requestHandler);
 
         $this->server->start($router, $this->errorHandler);
 
-        $uri = "/fo+" . \rawurlencode("ö");
+        $uri = "/fo+%2F" . \rawurlencode("ö ") . 'bar';
 
         $request = new Request($this->createMock(Client::class), "GET", Uri\Http::createFromString($uri));
         $response = $router->handleRequest($request);