Posted to commits@ofbiz.apache.org by sa...@apache.org on 2012/10/02 09:23:12 UTC

svn commit: r1392768 - in /ofbiz/branches/release11.04/framework: webapp/src/org/ofbiz/webapp/control/RequestHandler.java widget/src/org/ofbiz/widget/WidgetWorker.java

Author: sascharodekamp
Date: Tue Oct  2 07:23:11 2012
New Revision: 1392768

URL: http://svn.apache.org/viewvc?rev=1392768&view=rev
Log:
Bug Fix: No Url encoding for get parameters (https://issues.apache.org/jira/browse/OFBIZ-2628). Thanks Wojciech Szymanowski for the hint. This patch fixes the problems with parameters from hidden fields sent with the POST method and with parameters sent during the "request-redirect" response type.

Modified:
    ofbiz/branches/release11.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
    ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java

Modified: ofbiz/branches/release11.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1392768&r1=1392767&r2=1392768&view=diff
==============================================================================
--- ofbiz/branches/release11.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/branches/release11.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Tue Oct  2 07:23:11 2012
@@ -58,6 +58,7 @@ import org.ofbiz.webapp.view.ViewFactory
 import org.ofbiz.webapp.view.ViewHandler;
 import org.ofbiz.webapp.view.ViewHandlerException;
 import org.ofbiz.webapp.website.WebSiteWorker;
+import org.owasp.esapi.errors.EncodingException;
 
 /**
  * RequestHandler - Request Processor Object
@@ -924,7 +925,7 @@ public class RequestHandler {
      * @return
      */
     public String makeQueryString(HttpServletRequest request, ConfigXMLReader.RequestResponse requestResponse) {
-        if (requestResponse == null || 
+        if (requestResponse == null ||
                 (requestResponse.redirectParameterMap.size() == 0 && requestResponse.redirectParameterValueMap.size() == 0)) {
             Map<String, Object> urlParams = UtilHttp.getUrlOnlyParameterMap(request);
             String queryString = UtilHttp.urlEncodeArgs(urlParams, false);
@@ -944,32 +945,34 @@ public class RequestHandler {
                     value = request.getParameter(from);
                 }
 
-                if (UtilValidate.isNotEmpty(value)) {
-                    if (queryString.length() > 1) {
-                        queryString.append("&");
-                    }
-                    queryString.append(name);
-                    queryString.append("=");
-                    queryString.append(value);
-                }
+                addNameValuePairToQueryString(queryString, name, (String) value);
             }
             for (Map.Entry<String, String> entry: requestResponse.redirectParameterValueMap.entrySet()) {
                 String name = entry.getKey();
                 String value = entry.getValue();
 
-                if (UtilValidate.isNotEmpty(value)) {
-                    if (queryString.length() > 1) {
-                        queryString.append("&");
-                    }
-                    queryString.append(name);
-                    queryString.append("=");
-                    queryString.append(value);
-                }
+                addNameValuePairToQueryString(queryString, name, (String) value);
             }
             return queryString.toString();
         }
     }
 
+    private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) {
+        if (UtilValidate.isNotEmpty(value)) {
+            if (queryString.length() > 1) {
+                queryString.append("&");
+            }
+
+            try {
+                queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name));
+                queryString.append("=");
+                queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value));
+            } catch (EncodingException e) {
+                Debug.logError(e, module);
+            }
+        }
+    }
+
     public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url, ConfigXMLReader.RequestResponse requestResponse) {
         String initialLink = this.makeLink(request, response, url);
         String queryString = this.makeQueryString(request, requestResponse);
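Review bot: In `addNameValuePairToQueryString` the `&` separator and the encoded name are appended before the value is encoded, so an `EncodingException` on the value leaves a dangling `&` or `name=` in the redirect query string and the parameter is dropped with only a log entry. Encoding both parts into locals before touching `queryString` keeps the builder consistent on failure, as sketched below. Separately, the new `(String) value` cast in the first loop looks like it could throw `ClassCastException` when `value` (declared outside the hunk) holds a non-String object, where the old `queryString.append(value)` accepted any type; `value == null ? null : value.toString()` would keep the earlier behaviour. The helper would also benefit from a short Javadoc stating that empty values are skipped and that both name and value are URL-encoded.

```java
    private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) {
        if (UtilValidate.isNotEmpty(value)) {
            try {
                // Encode both parts first so a failure leaves queryString untouched.
                String encodedName = StringUtil.defaultWebEncoder.encodeForURL(name);
                String encodedValue = StringUtil.defaultWebEncoder.encodeForURL(value);
                if (queryString.length() > 1) {
                    queryString.append("&");
                }
                queryString.append(encodedName).append("=").append(encodedValue);
            } catch (EncodingException e) {
                Debug.logError(e, module);
            }
        }
    }
```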

Modified: ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1392768&r1=1392767&r2=1392768&view=diff
==============================================================================
--- ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original)
+++ ofbiz/branches/release11.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Tue Oct  2 07:23:11 2012
@@ -282,10 +282,15 @@ public class WidgetWorker {
         writer.append("\">");
 
         for (Map.Entry<String, String> parameter: parameterMap.entrySet()) {
+            String key = parameter.getKey();
+
             writer.append("<input name=\"");
-            writer.append(parameter.getKey());
+            writer.append(key);
             writer.append("\" value=\"");
-            writer.append(parameter.getValue());
+
+            String valueFromContext = context.containsKey(key) ?
+                    context.get(key).toString() : parameter.getValue();
+            writer.append(valueFromContext);
             writer.append("\" type=\"hidden\"/>");
         }