You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Pawan Verma (JIRA)" <ji...@apache.org> on 2019/06/24 13:03:00 UTC

[jira] [Assigned] (OFBIZ-10539) Issue with opening a page via bookmark when the user is logged out

     [ https://issues.apache.org/jira/browse/OFBIZ-10539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pawan Verma reassigned OFBIZ-10539:
-----------------------------------

    Assignee: Pawan Verma  (was: Ritesh Kumar)

> Issue with opening a page via bookmark when the user is logged out
> ------------------------------------------------------------------
>
>                 Key: OFBIZ-10539
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10539
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk, Release Branch 17.12
>            Reporter: Ritesh Kumar
>            Assignee: Pawan Verma
>            Priority: Major
>         Attachments: OFBIZ-10539.patch
>
>
> Please refer to the discussions on [dev-mailing-list|https://markmail.org/message/zbdjmghgqldxbnbu]
> There are issues with opening a bookmarked page when the user is logged out. 
> Steps to generate: 
> (Please refer [Demo-trunk|https://demo-trunk.ofbiz.apache.org/webtools/control/main])
> 1. Open this link, [FindWorkEffort|https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort]. Find Work Effort screen will be rendered.
> 2. Inspect and change the form method to "GET".
> 3. Apply any of the two statuses (say, Cancelled and Declined). Click on Find.
> 4. Records will be fetched according to the applied filters. 
> 5. Check the URL. Cancelled and Declined statuses must be there in the URL.
> 6. Bookmark this page and log out.
> 7. Now, open the bookmark.
> 8. The login page will be rendered. Check the URL here. It will be the same as it was when the page was being bookmarked.
> 9. Type in the credentials and log in.
> 10. The result may be different. Check the URL. One of the statuses is gone. 
> Following are the issues: 
> The bug here is (supposing the GET method is used)
> 1. On opening the bookmark, the page is rendered with double encoding (if the value had a space character initially, the space character was already encoded into '+' in the URL and when this bookmark is opened, this '+' is again encoded). This particular issue cannot be generated from the above-mentioned steps but it exists. 
> 2. Suppose the bookmarked URL had multiple values from the same filter (say, Cancelled and Declined status), it renders with just one of the statutes applied. It is because the request handler prepares a Map of parameters from the query string and as is the property of Map to replace the old value if a new value is being added with the same key (in this example, first Cancelled status is put in this Map and then Declined), only Declined status is put in this Map. 
> What happens is that the request handler prepares a map of query parameters from the query string and this map is used to create a redirect target.  This redirect target (at this instance having both the above-mentioned issues) is called upon to render the requested page.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)