URL Escaping Error in Parse SDK's whereRelatedTo Method

[juriSacchetta]

New Issue Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.
• I can reproduce the issue with the latest version of Parse Server and the Parse Flutter SDK.

Issue Description

I am writing to report an issue I encountered while developing my application using the Parse SDK. Specifically, I am experiencing a problem related to URL escaping, particularly when using the whereRelatedTo method.

Context:

I have integrated the Parse SDK into my application to interact with a Parse server via its REST HTTP API. However, I have discovered that when using the whereRelatedTo method from the Parse SDK, an error occurs due to incorrect URL escaping.

Issue Description:

Upon making requests using the Parse SDK's whereRelatedTo method, the server consistently responds with an internal server error. After further investigation, I found that the error is related to URL escaping. I have observed that when manually constructing and sending the request using CURL, following the API documentation guidelines and proper URL encoding, the error does not occur.

Example:

Computed URL with incorrect escaping using Parse SDK:

curl -X GET -H 'user-agent: Flutter Parse SDK 5.1.2' -H 'X-Parse-Application-Id: ' -H 'X-Parse-Session-Token: ' -H 'X-Parse-Client-Key: ' https://parseapi.back4app.com/classes/Post?where=%7B%22Community%22:%7B%22$inQuery%22:%7B%22where%22:%7B%22$relatedTo%22:%7B%22object%22:%7B%22__type%22:%22Pointer%22,%22className%22:%22_User%22,%22objectId%22:%22jJ9AqGGQQB%22%7D,%22key%22:%22CommunitySubscription%22%7D%7D,%22className%22:%22Community%22,%7D%7D%7D&order=-createdAt&limit=10

Server response

I/flutter ( 2474): ╭-- Parse Response
I/flutter ( 2474): Class: Post
I/flutter ( 2474): Function: ParseApiRQ.query
I/flutter ( 2474): Status Code: 1
I/flutter ( 2474): Type: InternalServerError
I/flutter ( 2474): Error: null
I/flutter ( 2474): ╰-- 

Working CURL command with proper URL encoding:

curl -X GET -H 'user-agent: Flutter Parse SDK 5.1.2' -H 'X-Parse-Application-Id: ' -H 'X-Parse-Session-Token: ' -H 'X-Parse-Client-Key: ' -G --data-urlencode 'where={"Community":{"$inQuery":{"where":{"$relatedTo":{"object":{"__type":"Pointer","className":"_User","objectId":"jJ9AqGGQQB"},"key":"CommunitySubscription"}},"className":"Community"}}}' https://parseapi.back4app.com/classes/Post 

Url escaped using curl and saved using curl option --trace-ascii

GET /classes/Post?where=%7b%22Community%22%3a%7b%22%24inQuery%22
0040: %3a%7b%22where%22%3a%7b%22%24relatedTo%22%3a%7b%22object%22%3a%7
0080: b%22__type%22%3a%22Pointer%22%2c%22className%22%3a%22_User%22%2c
00c0: %22objectId%22%3a%22jJ9AqGGQQB%22%7d%2c%22key%22%3a%22CommunityS
0100: ubscription%22%7d%7d%2c%22className%22%3a%22Community%22%7d%7d%7

Parse Flutter SDK

• SDK version: 5.1.2
• Flutter version: 3.10.5
• Dart version: 3.0.1
• Operating system version: Arch Linux, Linux 6.3.8-zen1-1-zen x86_64

Server

• Parse Server version: 4.5.0 (hosted by back4app)

[parse-github-assistant]

Thanks for opening this issue!

• 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.