You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2015/09/16 22:32:38 UTC
svn commit: r1703460 -
/ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
Author: jleroux
Date: Wed Sep 16 20:32:38 2015
New Revision: 1703460
URL: http://svn.apache.org/r1703460
Log:
A patch from Oleg Andreyev for "Incorrectly encoded url in form widget" https://issues.apache.org/jira/browse/OFBIZ-6622
This issue was fixed in trunk under OFBIZ-5910 but 12.04 and 13.07 are still affected.
I think we should do the same there as well. The patch is slightly changed to be applied smoothly in these releases.
Modified:
ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
Modified: ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1703460&r1=1703459&r2=1703460&view=diff
==============================================================================
--- ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original)
+++ ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Wed Sep 16 20:32:38 2015
@@ -31,6 +31,7 @@ import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilDateTime;
@@ -56,11 +57,13 @@ public class WidgetWorker {
public static void buildHyperlinkUrl(Appendable externalWriter, String target, String targetType, Map<String, String> parameterMap,
String prefix, boolean fullPath, boolean secure, boolean encode, HttpServletRequest request, HttpServletResponse response, Map<String, Object> context) throws IOException {
- String localRequestName = UtilHttp.encodeAmpersands(target);
+
// We may get an encoded request like: /projectmgr/control/EditTaskContents?workEffortId=10003
// Try to reducing a possibly encoded string down to its simplest form: /projectmgr/control/EditTaskContents?workEffortId=10003
// This step make sure the following appending externalLoginKey operation to work correctly
- localRequestName = StringUtil.defaultWebEncoder.canonicalize(localRequestName);
+ String localRequestName = StringEscapeUtils.unescapeHtml(target);
+
+ localRequestName = UtilHttp.encodeAmpersands(localRequestName);
Appendable localWriter = new StringWriter();
if ("intra-app".equals(targetType)) {