fix(url): double-encode dots as %252E for NGINX compatibility

[matteotrubini]

In certain NGINX configurations, unencoded dots in URLs may trigger asset-serving rules, resulting in 404 errors. rawurlencode() skips dots, but RFC 3986 allows dot encoding, so we manually double-encode them.

Summary by CodeRabbit

• Bug Fixes
  • Prevented resized images from returning 404s in certain server configurations by improving how dot characters are encoded in generated resizer URLs.
• Tests
  • Expanded URL encoding/decoding assertions to verify correct double-encoding behavior for dot characters in both resizer and resized image URLs.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0b9adaf3-dae9-49a8-94d9-b4a203c3cc29

📥 Commits

Reviewing files that changed from the base of the PR and between 4a54115 and 0463993.

📒 Files selected for processing (1)

• modules/system/tests/classes/ImageResizerTest.php

✅ Files skipped from review due to trivial changes (1)

• modules/system/tests/classes/ImageResizerTest.php

---

Walkthrough

In ImageResizer::getResizerUrl(), a new post-processing step replaces all dot characters (.) with the double-encoded sequence %252E in $resizedUrl. This happens after the existing double-rawurlencode() logic. The test suite now checks the resized URL and resizer URL encodings under cms.linkPolicy = 'detect'.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title is concise and accurately summarizes the main change: double-encoding dots in URLs for NGINX compatibility.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@modules/system/classes/ImageResizer.php`:
- Around line 586-588: The identifier generation in the ImageResizer class is
based on the original URL with unencoded dots, but the actual encoded URL being
sent has dots replaced with %252E. This causes a validation mismatch in
getValidResizedUrl() where the hash comparison fails because the identifier was
generated from a different URL format than what is being validated. Move the
identifier generation (the hash_hmac call that creates the identifier) to occur
AFTER the dot replacement on line 588, so that the identifier is computed from
the modified $resizedUrl that contains %252E instead of literal dots, ensuring
consistency between the encoded URL and its corresponding identifier throughout
the validation process.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0542cb98-530f-4e7b-a547-f06ab95ca767

📥 Commits

Reviewing files that changed from the base of the PR and between 8b102ac and a261f1e.

📒 Files selected for processing (1)

• modules/system/classes/ImageResizer.php

[LukeTowers]

@matteotrubini can you add tests for this?