Hello,
We maintain a forum using discourse, and we have an automated tool that makes requests like:
agent.get(`${this.baseUrl}/admin/users/list/all.json?email=${emailAddress}`)
I recently found an issue where one of these emails contained a % character. The get request failed I believe because of the unencoded character.
I considered using encodeURI on the email string, but worried discourse may not perform a decode before querying for the matching email, leading to potential false negatives.
I took a look at the github source but I’m not familiar with ruby or the repo enough to know for sure.
Is it safe to use encodeURI on the email addresses passed to the admin/users/list/all route? Will discourse decode params before making the query?