From 3a6c2ce2538ac59ec7346a49c474b8aa68721d2b Mon Sep 17 00:00:00 2001
From: Jacob Bednarz <jacob.bednarz@gmail.com>
Date: Mon, 7 Aug 2023 15:07:18 +1000
Subject: [PATCH] cache_purge: don't escape HTML entities in URLs

Ensures the exact cache key will match that which we have stored.

Closes #1350
---
 .changelog/1360.txt | 7 +++++++
 zone.go             | 9 ++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/1360.txt

diff --git a/.changelog/1360.txt b/.changelog/1360.txt
new file mode 100644
index 00000000000..6b2bbae5882
--- /dev/null
+++ b/.changelog/1360.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+cloudflare: swap `encoding/json` for `github.com/goccy/go-json`
+```
+
+```release-note:bug
+cache_purge: don't escape HTML entity values in URLs for cache keys
+```
diff --git a/zone.go b/zone.go
index 978cee4a327..de92880a157 100644
--- a/zone.go
+++ b/zone.go
@@ -672,8 +672,15 @@ func (api *API) PurgeCache(ctx context.Context, zoneID string, pcr PurgeCacheReq
 //
 // API reference: https://api.cloudflare.com/#zone-purge-individual-files-by-url-and-cache-tags
 func (api *API) PurgeCacheContext(ctx context.Context, zoneID string, pcr PurgeCacheRequest) (PurgeCacheResponse, error) {
+	// manually build the payload to ensure we don't escape HTML entities to
+	// match their keys for purging.
+	payload, err := json.MarshalWithOption(pcr, json.DisableHTMLEscape())
+	if err != nil {
+		return PurgeCacheResponse{}, err
+	}
+
 	uri := fmt.Sprintf("/zones/%s/purge_cache", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, pcr)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, payload)
 	if err != nil {
 		return PurgeCacheResponse{}, err
 	}