From a73fc78890a973a3b4597e18d921a9697753804b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20Kalij=C3=A4rvi?= <markus.kalijarvi@druid.fi>
Date: Tue, 10 Dec 2024 11:18:13 +0200
Subject: [PATCH] Use trim and rawurlencode to prevent possible infinite loop.

---
 .../EventSubscriber/ForceCompanyAuthorisationSubscriber.php  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/public/modules/custom/grants_handler/src/EventSubscriber/ForceCompanyAuthorisationSubscriber.php b/public/modules/custom/grants_handler/src/EventSubscriber/ForceCompanyAuthorisationSubscriber.php
index f167242ff..216fa6b88 100644
--- a/public/modules/custom/grants_handler/src/EventSubscriber/ForceCompanyAuthorisationSubscriber.php
+++ b/public/modules/custom/grants_handler/src/EventSubscriber/ForceCompanyAuthorisationSubscriber.php
@@ -77,7 +77,7 @@ public function needsRedirectToLogin(RequestEvent $event): bool {
       return FALSE;
     }
     $requestUri = $event->getRequest()->getRequestUri();
-    $urlObject = Url::fromUserInput($requestUri);
+    $urlObject = Url::fromUserInput(trim(rawurldecode($requestUri)));
     if ($urlObject->access(User::getAnonymousUser()) === FALSE) {
       return TRUE;
     }
@@ -107,7 +107,8 @@ public function needsRedirectToMandate(RequestEvent $event): bool {
     if ($selectedCompany !== NULL) {
       return FALSE;
     }
-    $urlObject = Url::fromUserInput($event->getRequest()->getRequestUri());
+    $requestUri = $event->getRequest()->getRequestUri();
+    $urlObject = Url::fromUserInput(trim(rawurldecode($requestUri)));
     $routeName = $urlObject->getRouteName();
 
     $nodeType = '';