My Mautic version is: 2.16.2
My PHP version is: 7.2.24
We add a link to an email, for example https://twitter.com/someaccount
When the email is sent, Mautic turns this into a tracking link: https://mautic.ourdomain.com/r/xxx?ct=yyy&
Here, xxx is a 25-character hexadecimal string, and yyy is a much longer string which is base64-encoded tracking data. So far, so good.
However, when requesting this URL, Mautic responds with a Location header (redirect) to https://twitter.com/someaccount?r%2Fxxx=
The xxx is the same as in the redirect URL.
Twitter doesn’t mind and just gives you the right content, but in general, this is a different URL than the one we specified, so there’s no telling where it might lead! In our case we are dealing with a rather picky web server which will redirect to the wrong place if any URL parameters are present.
Where is this extra URL parameter coming from, and how do I stop Mautic from adding it? Ideally to this one link (I imagine the cruft is meant for third parties tracking traffic from us), but globally if we have to.
I dug into the source code and I believe it might be a bug in Mautic, although I can’t quite put my finger on it.
The relevant code is here:
In particular, I notice that r%2Fxxx decodes to r/xxx which is probably not added to the returned URL on purpose! The ct parameter is unset, which should leave $query an empty array, but note that there’s a stray & at the end of the original URL so maybe $q is not entirely empty. How r/xxx would end up as part of the incoming query string though, remains a mystery to me.
Unfortunately we can’t upgrade to Mautic 3 yet because we’re waiting for some fixes to land there, so I’m hesitant to file a bug report in case this has already been fixed.