From a67bc257b60f7f1c4291746cb0e9f1b2151024c7 Mon Sep 17 00:00:00 2001
From: Rich Lott / Artful Robot <forums@artfulrobot.uk>
Date: Thu, 11 Jun 2020 17:34:01 +0100
Subject: [PATCH] Fix order of htmldecode/encode calls

---
 src/ClickTracker/BaseClickTracker.php |  2 +-
 src/ClickTracker/HtmlClickTracker.php | 12 +++++++-----
 src/ClickTracker/TextClickTracker.php |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/ClickTracker/BaseClickTracker.php b/src/ClickTracker/BaseClickTracker.php
index c49da45..fe40e96 100644
--- a/src/ClickTracker/BaseClickTracker.php
+++ b/src/ClickTracker/BaseClickTracker.php
@@ -40,7 +40,7 @@ public static function getTrackerURLForUrlWithTokens($url, $mailing_id, $queue_i
 
     $trackable_url = $parsed[1];
 
-    // Proces the query parameters, if there are any.
+    // Process the query parameters, if there are any.
     $tokenised_params = [];
     $static_params = [];
     if (!empty($parsed[2])) {
diff --git a/src/ClickTracker/HtmlClickTracker.php b/src/ClickTracker/HtmlClickTracker.php
index ddb5e93..c9f7226 100644
--- a/src/ClickTracker/HtmlClickTracker.php
+++ b/src/ClickTracker/HtmlClickTracker.php
@@ -19,7 +19,12 @@ public function filterContent($msg, $mailing_id, $queue_id) {
     return self::replaceHrefUrls($msg,
       function ($url) use ($mailing_id, $queue_id, $getTrackerURL) {
         if (strpos($url, '{') !== FALSE) {
-          $data = BaseClickTracker::getTrackerURLForUrlWithTokens($url, $mailing_id, $queue_id);
+          // If there are tokens in the URL use special treatment.
+
+          // Since we're dealing with HTML let's strip out the entities in the URL
+          // so that we can add them back in later.
+          $originalUrlDecoded = html_entity_decode($url);
+          $data = BaseClickTracker::getTrackerURLForUrlWithTokens($originalUrlDecoded, $mailing_id, $queue_id);
         }
         else {
           $data = $getTrackerURL($url, $mailing_id, $queue_id);
@@ -42,9 +47,7 @@ function ($url) use ($mailing_id, $queue_id, $getTrackerURL) {
   public static function replaceHrefUrls($html, $replace) {
     $useNoFollow = TRUE;
     $callback = function ($matches) use ($replace, $useNoFollow) {
-      // Since we're dealing with HTML let's strip out the entities in the URL
-      // so tht we can add them back in later.
-      $replacement = $replace(html_entity_decode($matches[2]));
+      $replacement = $replace($matches[2]);
 
       // See: https://github.com/civicrm/civicrm-core/pull/12561
       // If we track click-throughs on a link, then don't encourage search-engines to traverse them.
@@ -65,7 +68,6 @@ public static function replaceHrefUrls($html, $replace) {
       ';(\<[^>]*href *= *\')([^\'>]+)(\');', $callback, $tmp);
   }
 
-
   //  /**
   //   * Find URL expressions; replace them with tracked URLs.
   //   *
diff --git a/src/ClickTracker/TextClickTracker.php b/src/ClickTracker/TextClickTracker.php
index c7401e9..de05e6d 100644
--- a/src/ClickTracker/TextClickTracker.php
+++ b/src/ClickTracker/TextClickTracker.php
@@ -19,7 +19,7 @@ public function filterContent($msg, $mailing_id, $queue_id) {
     return self::replaceTextUrls($msg,
       function ($url) use ($mailing_id, $queue_id, $getTrackerURL) {
         if (strpos($url, '{') !== FALSE) {
-          $data = HtmlClickTracker::getTrackerURLForUrlWithTokens($url, $mailing_id, $queue_id);
+          $data = BaseClickTracker::getTrackerURLForUrlWithTokens($url, $mailing_id, $queue_id);
         }
         else {
           $data = $getTrackerURL($url, $mailing_id, $queue_id);