|
Author: sascharodekamp
Date: Tue Oct 2 07:22:42 2012 New Revision: 1392767 URL: http://svn.apache.org/viewvc?rev=1392767&view=rev Log: Bug Fix: No Url encoding for get parameters (https://issues.apache.org/jira/browse/OFBIZ-2628). Thanks Wojciech Szymanowski for the hint. This Patch fixes the problems with parameters from hidden fields sending with POST method and parameters sending during "request-redirect" response type Modified: ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java ofbiz/branches/release10.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Modified: ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java URL: http://svn.apache.org/viewvc/ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1392767&r1=1392766&r2=1392767&view=diff ==============================================================================
--- ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/branches/release10.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Tue Oct 2 07:22:42 2012
@@ -53,11 +53,11 @@ import org.ofbiz.webapp.event.EventFacto
 import org.ofbiz.webapp.event.EventHandler;
 import org.ofbiz.webapp.event.EventHandlerException;
 import org.ofbiz.webapp.stats.ServerHitBin;
-import org.ofbiz.webapp.stats.VisitHandler;
 import org.ofbiz.webapp.view.ViewFactory;
 import org.ofbiz.webapp.view.ViewHandler;
 import org.ofbiz.webapp.view.ViewHandlerException;
 import org.ofbiz.webapp.website.WebSiteWorker;
+import org.owasp.esapi.errors.EncodingException;
 /**
 * RequestHandler - Request Processor Object
@@ -927,19 +927,28 @@ public class RequestHandler { value = request.getParameter(from); } - if (UtilValidate.isNotEmpty(value)) { - if (queryString.length() > 1) { - queryString.append("&"); - } - queryString.append(name); - queryString.append("="); - queryString.append(value); - } + addNameValuePairToQueryString(queryString, name, (String) value); } return queryString.toString(); } } + private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) { + if (UtilValidate.isNotEmpty(value)) { + if (queryString.length() > 1) { + queryString.append("&"); + } + + try { + queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name)); + queryString.append("="); + queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value)); + } catch (EncodingException e) { + Debug.logError(e, module); + } + } + } + public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url, ConfigXMLReader.RequestResponse requestResponse) { String initialLink = this.makeLink(request, response, url); String queryString = this.makeQueryString(request, requestResponse); Modified: ofbiz/branches/release10.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java URL: http://svn.apache.org/viewvc/ofbiz/branches/release10.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1392767&r1=1392766&r2=1392767&view=diff ============================================================================== --- ofbiz/branches/release10.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original) +++ ofbiz/branches/release10.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Tue Oct 2 07:22:42 2012 
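Review bot: In the new `addNameValuePairToQueryString`, the `&` separator is appended before the `try` and the encoded name is appended before the value is encoded, so an `EncodingException` leaves a dangling `&` or a bare `name=` in the redirect URL while the failure is only logged. Encoding both parts into locals first and appending only once both succeed keeps the query string well-formed, as sketched below. Separately, the call site now casts with `(String) value`, where the removed code passed `value` to `queryString.append(value)` uncast; if `value` can hold a non-String request attribute (its declaration is outside the hunk), this becomes a `ClassCastException`, and converting a non-null value with `value.toString()` would keep the old behaviour. `makeQueryString` itself starts outside the hunk.

```java
private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) {
    if (UtilValidate.isNotEmpty(value)) {
        try {
            // Encode both parts first so a failure appends nothing at all.
            String encodedName = StringUtil.defaultWebEncoder.encodeForURL(name);
            String encodedValue = StringUtil.defaultWebEncoder.encodeForURL(value);
            if (queryString.length() > 1) {
                queryString.append("&");
            }
            queryString.append(encodedName).append("=").append(encodedValue);
        } catch (EncodingException e) {
            Debug.logError(e, module);
        }
    }
}
```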
@@ -260,10 +260,15 @@ public class WidgetWorker { writer.append("\">"); for (Map.Entry<String, String> parameter: parameterMap.entrySet()) { + String key = parameter.getKey(); + writer.append("<input name=\""); - writer.append(parameter.getKey()); + writer.append(key); writer.append("\" value=\""); - writer.append(parameter.getValue()); + + String valueFromContext = context.containsKey(key) ? + context.get(key).toString() : parameter.getValue(); + writer.append(valueFromContext); writer.append("\" type=\"hidden\"/>"); } |
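Review bot: `key` and `valueFromContext` are written straight into the `name="…"` and `value="…"` attributes of the hidden input, so a string containing a double quote or angle bracket ends the attribute early; unless these strings are already HTML-encoded before they reach this loop (not visible in the hunk), each should be attribute-encoded at the point of output, e.g. `writer.append(StringUtil.defaultWebEncoder.encodeForHTMLAttribute(valueFromContext));`, assuming the encoder used in RequestHandler is reachable from this class. This matters more after the change, because the value can now come from `context` rather than only from `parameterMap`. `context.get(key).toString()` also throws a NullPointerException when the key is present with a null value; a null check that falls back to `parameter.getValue()` avoids that. The enclosing method starts outside the hunk.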
