14.2.0's decoding auth_digest parameters breaks authentication if "uri" contains encoded slashes

• I’m submitting a …

• bug report

• What is the current behavior?

Starting with 14.2, parameters are decoded in cherrypy/lib/auth_digest.py:HttpDigestAuthorization’s constructor.

One of the parameters is uri. If uricontains e.g. a slash, I get an authentication loop.

• If the current behavior is a bug, please provide the steps to reproduce and if possible a screenshots and logs of the problem. If you can, show us your code.

• start up application
• enter an URL, e.g. testhost:8080/test_page?from=%2F
• enjoy the loop

• What is the expected behavior?

• serving the page

• Please tell us about your environment:

• Cheroot version: 6.3.1
• CherryPy version: 14.2.0 or 15.0.0
• Python version: 3.6 and 3.5
• OS: Mac OSX and Linux
• Browser: at_least([Chrome | Firefox])

(PR to follow.)