Slashes in route params are unescaped when passing uri option

[weierophinney]

• I was not able to find an open or closed issue matching what I'm seeing.
• This is not a question. (Questions should be asked on slack (Signup for Slack here) or our forums.)

I expect a parameter passed to a segment route to always be escaped. When I pass an uri option when assembling a route, for whatever reason slashes in the route parameters are unescaped. This causes the route to no longer match correctly.

$router = \Zend\Router\Http\TreeRouteStack::factory([
    'routes' => [
        'example-route' => [
            'type' => \Zend\Router\Http\Segment::class,
            'options' => [
                'route' => '/example/route/with/:token',
            ],
        ],
    ],
]);

var_dump($router->assemble([
    'token' => 'token/with/slashes',
], [
    'name' => 'example-route',
]));
// string(42) "/example/route/with/token%2Fwith%2Fslashes"

var_dump($router->assemble([
    'token' => 'token/with/slashes',
], [
    'name' => 'example-route',
    'uri' => new \Zend\Uri\Uri('/'),
]));
// string(38) "/example/route/with/token/with/slashes"

I expect the token parameter in the second case to also become encoded. For some reason passing an uri without normalize_path: false normalizes the path, unescaping the passed parameters.

Undesired normalization happens by default in these places:

https://github.com/zendframework/zend-router/blob/5ce5ff9630c4467e3eaf7cf06d78dbb2296a41b4/src/Http/TreeRouteStack.php#L420-L422

https://github.com/zendframework/zend-router/blob/5ce5ff9630c4467e3eaf7cf06d78dbb2296a41b4/src/Http/TreeRouteStack.php#L428-L430

---

Originally posted by @villermen at zendframework/zend-router#56

[demiankatz]

Just a quick note to say that I fell foul of the same problem, though I was able to work around it by adding the normalize_path: false option too.