From 630496f0631b2709c2193ee51cdb00755ccfdb71 Mon Sep 17 00:00:00 2001
From: Stefan Wachter <stefan.wachter@gmx.de>
Date: Mon, 17 Jun 2024 08:46:39 +0200
Subject: [PATCH 1/4] Apply encodeURIComponent on path parameter value

---
 packages/openapi-fetch/src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/openapi-fetch/src/index.js b/packages/openapi-fetch/src/index.js
index e0cb43cb0..34cece9f3 100644
--- a/packages/openapi-fetch/src/index.js
+++ b/packages/openapi-fetch/src/index.js
@@ -397,7 +397,7 @@ export function defaultPathSerializer(pathname, pathParams) {
       nextURL = nextURL.replace(match, `;${serializePrimitiveParam(name, value)}`);
       continue;
     }
-    nextURL = nextURL.replace(match, style === "label" ? `.${value}` : value);
+    nextURL = nextURL.replace(match, style === "label" ? `.${encodeURIComponent(value)}` : encodeURIComponent(value));
   }
   return nextURL;
 }

From 808b9b062db0fc4cd2b5e6980ac7c3eced7607ec Mon Sep 17 00:00:00 2001
From: Stefan Wachter <stefan.wachter@otto.de>
Date: Mon, 17 Jun 2024 09:05:38 +0200
Subject: [PATCH 2/4] add changeset

---
 .changeset/wet-days-crash.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/wet-days-crash.md

diff --git a/.changeset/wet-days-crash.md b/.changeset/wet-days-crash.md
new file mode 100644
index 000000000..73b6df6c6
--- /dev/null
+++ b/.changeset/wet-days-crash.md
@@ -0,0 +1,5 @@
+---
+"openapi-fetch": patch
+---
+
+Fix: encode primitive path parameters

From b955a43d6b180000d40cba41d9379a9cece069fb Mon Sep 17 00:00:00 2001
From: Stefan Wachter <stefan.wachter@otto.de>
Date: Mon, 24 Jun 2024 17:50:24 +0200
Subject: [PATCH 3/4] Fix "params / path / allows UTF-8 characters" test

---
 packages/openapi-fetch/test/index.test.ts | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/packages/openapi-fetch/test/index.test.ts b/packages/openapi-fetch/test/index.test.ts
index f49979740..6b4550365 100644
--- a/packages/openapi-fetch/test/index.test.ts
+++ b/packages/openapi-fetch/test/index.test.ts
@@ -220,8 +220,7 @@ describe("client", () => {
 
           // expect post_id to be encoded properly
           const url = getRequestUrl();
-          expect(url.searchParams.get("id ")).toBe(" 🥴");
-          expect(url.pathname + url.search).toBe("/blogposts/post?id%20=%20%F0%9F%A5%B4");
+          expect(url.pathname).toBe("/blogposts/post%3Fid%20%3D%20%F0%9F%A5%B4");
         });
       });
 

From 2f853c08b71b334218662dd35a477ffe8b60a32f Mon Sep 17 00:00:00 2001
From: Stefan Wachter <stefan.wachter@otto.de>
Date: Mon, 24 Jun 2024 18:41:21 +0200
Subject: [PATCH 4/4] Add more tests for path parameter encoding

---
 packages/openapi-fetch/test/index.test.ts | 40 +++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/packages/openapi-fetch/test/index.test.ts b/packages/openapi-fetch/test/index.test.ts
index 6b4550365..78d1c20e5 100644
--- a/packages/openapi-fetch/test/index.test.ts
+++ b/packages/openapi-fetch/test/index.test.ts
@@ -206,6 +206,42 @@ describe("client", () => {
           );
         });
 
+        it("escapes reserved characters in path segment", async () => {
+          const client = createClient<paths>({ baseUrl });
+          const { getRequestUrl } = useMockRequestHandler({
+            baseUrl,
+            method: "get",
+            path: "/blogposts/*",
+          });
+
+          await client.GET("/blogposts/{post_id}", {
+            params: { path: { post_id: ";/?:@&=+$,# " } },
+          });
+
+          // expect post_id to be encoded properly
+          const url = getRequestUrl();
+          expect(url.pathname).toBe("/blogposts/%3B%2F%3F%3A%40%26%3D%2B%24%2C%23%20");
+        });
+
+        it("does not escape allowed characters in path segment", async () => {
+          const client = createClient<paths>({ baseUrl });
+          const { getRequestUrl } = useMockRequestHandler({
+            baseUrl,
+            method: "get",
+            path: "/blogposts/*",
+          });
+
+          const postId = "aAzZ09-_.!~*'()";
+
+          await client.GET("/blogposts/{post_id}", {
+            params: { path: { post_id: postId } },
+          });
+
+          // expect post_id to stay unchanged
+          const url = getRequestUrl();
+          expect(url.pathname).toBe(`/blogposts/${postId}`);
+        });
+
         it("allows UTF-8 characters", async () => {
           const client = createClient<paths>({ baseUrl });
           const { getRequestUrl } = useMockRequestHandler({
@@ -215,12 +251,12 @@ describe("client", () => {
           });
 
           await client.GET("/blogposts/{post_id}", {
-            params: { path: { post_id: "post?id = 🥴" } },
+            params: { path: { post_id: "🥴" } },
           });
 
           // expect post_id to be encoded properly
           const url = getRequestUrl();
-          expect(url.pathname).toBe("/blogposts/post%3Fid%20%3D%20%F0%9F%A5%B4");
+          expect(url.pathname).toBe("/blogposts/%F0%9F%A5%B4");
         });
       });