Posted to commits@ofbiz.apache.org by sa...@apache.org on 2012/10/02 09:22:05 UTC
svn commit: r1392766 - in /ofbiz/trunk/framework:
webapp/src/org/ofbiz/webapp/control/RequestHandler.java
widget/src/org/ofbiz/widget/WidgetWorker.java
Author: sascharodekamp
Date: Tue Oct 2 07:22:05 2012
New Revision: 1392766
URL: http://svn.apache.org/viewvc?rev=1392766&view=rev
Log:
Bug Fix: No URL encoding for GET parameters (https://issues.apache.org/jira/browse/OFBIZ-2628). Thanks to Wojciech Szymanowski for the hint. This patch fixes the problems with parameters from hidden fields sent with the POST method and with parameters sent during the "request-redirect" response type.
Modified:
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1392766&r1=1392765&r2=1392766&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Tue Oct 2 07:22:05 2012
@@ -58,6 +58,7 @@ import org.ofbiz.webapp.view.ViewFactory
import org.ofbiz.webapp.view.ViewHandler;
import org.ofbiz.webapp.view.ViewHandlerException;
import org.ofbiz.webapp.website.WebSiteWorker;
+import org.owasp.esapi.errors.EncodingException;
/**
* RequestHandler - Request Processor Object
@@ -967,32 +968,36 @@ public class RequestHandler {
value = request.getParameter(from);
}
- if (UtilValidate.isNotEmpty(value)) {
- if (queryString.length() > 1) {
- queryString.append("&");
- }
- queryString.append(name);
- queryString.append("=");
- queryString.append(value);
- }
+ addNameValuePairToQueryString(queryString, name, (String) value);
}
+
for (Map.Entry<String, String> entry: requestResponse.redirectParameterValueMap.entrySet()) {
String name = entry.getKey();
String value = entry.getValue();
- if (UtilValidate.isNotEmpty(value)) {
- if (queryString.length() > 1) {
- queryString.append("&");
- }
- queryString.append(name);
- queryString.append("=");
- queryString.append(value);
- }
+ addNameValuePairToQueryString(queryString, name, value);
}
+
return queryString.toString();
}
}
+ private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) {
+ if (UtilValidate.isNotEmpty(value)) {
+ if (queryString.length() > 1) {
+ queryString.append("&");
+ }
+
+ try {
+ queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name));
+ queryString.append("=");
+ queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value));
+ } catch (EncodingException e) {
+ Debug.logError(e, module);
+ }
+ }
+ }
+
public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url, ConfigXMLReader.RequestResponse requestResponse) {
String initialLink = this.makeLink(request, response, url);
String queryString = this.makeQueryString(request, requestResponse);
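Review bot: In `addNameValuePairToQueryString` the `&` separator and the encoded name are appended before the value is encoded, so an `EncodingException` from the second `encodeForURL` call leaves a dangling `&name=` fragment in the redirect query string while the parameter is dropped with only a log line. Encoding both parts into locals first and appending only after both succeed keeps the query string well-formed, as in the fence below. Separately, the first loop's call site now uses `(String) value`; the declaration of `value` is outside the hunk, but if it can hold a non-String request attribute the cast throws `ClassCastException` where the old `append(value)` did not, so `value == null ? null : value.toString()` would be the safer argument.

```java
private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) {
    if (UtilValidate.isNotEmpty(value)) {
        String encodedName;
        String encodedValue;
        try {
            encodedName = StringUtil.defaultWebEncoder.encodeForURL(name);
            encodedValue = StringUtil.defaultWebEncoder.encodeForURL(value);
        } catch (EncodingException e) {
            // Skip the pair entirely so the query string never holds a half-written parameter.
            Debug.logError(e, module);
            return;
        }
        if (queryString.length() > 1) {
            queryString.append("&");
        }
        queryString.append(encodedName).append("=").append(encodedValue);
    }
}
```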
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1392766&r1=1392765&r2=1392766&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Tue Oct 2 07:22:05 2012
@@ -283,10 +283,15 @@ public class WidgetWorker {
for (Map.Entry<String, String> parameter: parameterMap.entrySet()) {
if (parameter.getValue() != null) {
+ String key = parameter.getKey();
+
writer.append("<input name=\"");
- writer.append(parameter.getKey());
+ writer.append(key);
writer.append("\" value=\"");
- writer.append(parameter.getValue());
+
+ String valueFromContext = context.containsKey(key) ?
+ context.get(key).toString() : parameter.getValue();
+ writer.append(valueFromContext);
writer.append("\" type=\"hidden\"/>");
}
}
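Review bot: The hidden input's `value` attribute is now filled from `context.get(key).toString()` and written with `writer.append(valueFromContext)` without any HTML attribute encoding, so a context value containing a double quote or `<` ends the attribute early and injects markup into the form; `key` in the `name` attribute is written raw in the same way. Encoding at the point of output would close this, for example `writer.append(StringUtil.defaultWebEncoder.encodeForHTMLAttribute(valueFromContext));`, assuming the ESAPI encoder used in RequestHandler is reachable from this class, with the same treatment for `key`. The ternary also throws `NullPointerException` when the context contains the key with a null value; reading it once with `Object ctxValue = context.get(key);` and then `String valueFromContext = ctxValue != null ? ctxValue.toString() : parameter.getValue();` avoids that. The enclosing method begins outside the hunk, so where `context` is populated is not visible here.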