redirect()->to() is changing value of the base64 parameter

[nowackipawel]

I made a small test and found out that sth bad happen in resolveRelativeURI() method of URI class.

Before return in that method I put:
d($uri, $relative->getQuery(), $transformed->getQuery());
and in some conditions it doesnt work as expected:

$uri string (43) "/login?url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U="   (correct redirection path and fragmenr)
$relative->getQuery() string (38) "url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%3D"  (from (new URI()->setURI($uri))
$transformed->getQuery() string (40) "url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%253D" (after: $transformed->setQuery($relative->getQuery()))

[nowackipawel]

If first conversion is ok cuz = is not safe char for uris that second one ($transformated) is at least strange.

Updated: even if in case showed above sth bad can happen cuz of "=" char in $_GET[url] parameter that in case showed bellow should not:

$uri string (45) "/login?url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%3D"
$relative->getQuery() string (40) "url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%253D"
$transformed->getQuery() string (42) "url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%25253D"

[lonnieezell]

Basically, you're forcing it double-encode it, which the system has no way of knowing is going on. That's up to the developer. If you're expecting a base64-encoded query var, you must take care to decode it when you need it, and before you put it into another situation where it will be encoded again.

[nowackipawel]

Please not it happen in URI class resolveRelativeURI().
I.e. my uri (path+query) string is:
'/login?url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%3D'
and when i pass this uri to redirect()->to('/login?url=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%3D')
it changes two times and this redirecting me to: /loginurl=L3BhY2thZ2UvOC1kYXlzLXBhY2thZ2U%25253D which is not what I expected.