You are here: Foswiki>Tasks Web>Item10505 (17 Dec 2011, GeorgeClark)Edit Attach

Item10505: Double encoding of formfields when redirected through login

pencil
Priority: Normal
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Engine
Component: DataForms, UrlHandling
Branches:
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
Visit System/PerlDoc without a session, and submit a module - Foswiki::Func.

URL becomes
http://foswiki.org/System/PerlDoc?module=Foswiki%3A%3AFunc

Click Login - URL becomes
http://foswiki.org/bin/login/System/PerlDoc?foswiki_origin=GET%2cview%2c/System/PerlDoc%3fmodule%3dFoswiki%253A%253AFunc

Note that the %3A has been encoded to %25%3A

Complete login, Module field has been corrupted to Foswiki%3A%3AFunc

If this were to happen on a longer more complex form with the fields out of view, it seems as though the user could then submit the form and corrupt data without realizing that the form field had changed.

-- GeorgeClark - 18 Mar 2011

With me URL params also get double encoded with form data (not only form fields) after Foswiki::Func::redirectCgiQuery.

-- ArthurClemens - 26 Apr 2011

This appears to have been fixed somewhere along the way in 1.1.4. Marking as waiting for release.

-- GeorgeClark - 03 Nov 2011
 

ItemTemplate edit

Summary Double encoding of formfields when redirected through login
ReportedBy GeorgeClark
Codebase 1.1.3, trunk
SVN Range
AppliesTo Engine
Component DataForms, UrlHandling
Priority Normal
CurrentState Closed
WaitingFor
Checkins
TargetRelease patch
ReleasedIn 1.1.4
Topic revision: r5 - 17 Dec 2011, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy