WTF Is uenc?

Published: March 6, 2017

Tags:

If you’ve worked with Magento before, you’ve probably seen a URL that looks like this…

https://example.com/checkout/cart/add/uenc/aHR0cDovL21hZ2VudG8tMV8xNF8xXzAuZGV2L2xpbmVuLWJsYXplci01MzguaHRtbA,,/product/406/form_key/giZIAWUXy2azlHw1/

Have you ever wondered to yourself, WTF is uenc?

In this post I’ll explore that question…

Resolving Referrer URLs

NOTE: This post is based on the Magento 1 code base. However, Magento 2 contains the same implementation of uenc.

In Mage_Core_Controller_Varien_Action there is a function called _getRefererUrl. It looks like this…

protected function _getRefererUrl()
{
    $refererUrl = $this->getRequest()->getServer('HTTP_REFERER');
    if ($url = $this->getRequest()->getParam(self::PARAM_NAME_REFERER_URL)) {
        $refererUrl = $url;
    }
    if ($url = $this->getRequest()->getParam(self::PARAM_NAME_BASE64_URL)) {
        $refererUrl = Mage::helper('core')->urlDecodeAndEscape($url);
    }
    if ($url = $this->getRequest()->getParam(self::PARAM_NAME_URL_ENCODED)) {
        $refererUrl = Mage::helper('core')->urlDecodeAndEscape($url);
    }

    if (!$this->_isUrlInternal($refererUrl)) {
        $refererUrl = Mage::app()->getStore()->getBaseUrl();
    }
    return $refererUrl;
}

If you look at the top of Mage_Core_Controller_Varien_Action you’ll see that PARAM_NAME_URL_ENCODED is defined as follows.

const PARAM_NAME_URL_ENCODED        = 'uenc';

Aha! So uenc is an abbreviation for “URL Encoded”.

Digging in to Mage_Core_Helper_Abstract we can see that urlDecode ultimately base64_decodes the URL.

public function urlDecode($url)
{
    $url = base64_decode(strtr($url, '-_,', '+/='));
    return Mage::getSingleton('core/url')->sessionUrlVar($url);
}

Putting this all together, we can see that if uenc is passed in as a request parameter to Magento it can be used to override the referrer that would otherwise be resolved via $_SERVER['HTTP_REFERER'].

What Do We Do With The Referrer URL?

If you take a look at _goBack in Mage_Checkout_CartController you’ll see the following.

protected function _goBack()
{
    $returnUrl = $this->getRequest()->getParam('return_url');
    if ($returnUrl) {

        if (!$this->_isUrlInternal($returnUrl)) {
            throw new Mage_Exception('External urls redirect to "' . $returnUrl . '" denied!');
        }

        $this->_getSession()->getMessages(true);
        $this->getResponse()->setRedirect($returnUrl);
    } elseif (!Mage::getStoreConfig('checkout/cart/redirect_to_cart')
        && !$this->getRequest()->getParam('in_cart')
        && $backUrl = $this->_getRefererUrl()
    ) {
        $this->getResponse()->setRedirect($backUrl);
    } else {
        if (($this->getRequest()->getActionName() == 'add') && !$this->getRequest()->getParam('in_cart')) {
            $this->_getSession()->setContinueShoppingUrl($this->_getRefererUrl());
        }
        $this->_redirect('checkout/cart');
    }
    return $this;
}

We can see that the referrer URL is accessed here…

elseif (!Mage::getStoreConfig('checkout/cart/redirect_to_cart')
    && !$this->getRequest()->getParam('in_cart')
    && $backUrl = $this->_getRefererUrl()
) {
    $this->getResponse()->setRedirect($backUrl);
}

Let’s break this down. You’ll be redirected to the referrer URL when adding to cart if…

  1. The return_url parameter is not passed
  2. The store is not configured to redirect the user to the cart
  3. The in_cart parameter is not passed

How Is uenc passed?

Going back to the /checkout/cart/add URL example above, if we take a look at getAddToCartUrl defined in Mage_Catalog_Block_Product_View we see the following…

public function getAddToCartUrl($product, $additional = array())
{
    if ($this->hasCustomAddToCartUrl()) {
        return $this->getCustomAddToCartUrl();
    }

    if ($this->getRequest()->getParam('wishlist_next')) {
        $additional['wishlist_next'] = 1;
    }

    $addUrlKey = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
    $addUrlValue = Mage::getUrl('*/*/*', array('_use_rewrite' => true, '_current' => true));
    $additional[$addUrlKey] = Mage::helper('core')->urlEncode($addUrlValue);

    return $this->helper('checkout/cart')->getAddUrl($product, $additional);
}

The important part is here…

$addUrlKey = Mage_Core_Controller_Front_Action::PARAM_NAME_URL_ENCODED;
$addUrlValue = Mage::getUrl('*/*/*', array('_use_rewrite' => true, '_current' => true));
$additional[$addUrlKey] = Mage::helper('core')->urlEncode($addUrlValue);

return $this->helper('checkout/cart')->getAddUrl($product, $additional);

This is where the uenc parameter is prepared and added to the “Add To Cart” URL.

Conclusion

I hope this post came in useful for some people. I know when I first saw uenc in Magento URLs I had no idea what it was.

If you have any questions or comments, feel free to drop a note below, or, as always, you can reach me on Twitter as well.


Max Chadwick Hi, I'm Max!

I'm a software developer who mainly works in PHP, but loves dabbling in other languages like Go and Ruby. Technical topics that interest me are monitoring, security and performance. I'm also a stickler for good documentation and clear technical writing.

During the day I lead a team of developers and solve challenging technical problems at Rightpoint where I mainly work with the Magento platform. I've also spoken at a number of events.

In my spare time I blog about tech, work on open source and participate in bug bounty programs.

If you'd like to get in contact, you can find me on Twitter and LinkedIn.