You are here: Foswiki>Tasks Web>Item13837 (16 Nov 2015, GeorgeClark)Edit Attach

Item13837: Foswiki::Func::getScriptUrl() generates broken URL if any parameters contain embedded # characters.

pencil
Priority: Urgent
Current State: Closed
Released In: 2.0.3
Target Release: patch
Applies To: Engine
Component: FoswikiFunc
Branches: master
Reported By: GerhardHeimlinger
Waiting For:
Last Change By: GeorgeClark
Since Foswiki 2.0.0 there is a problem editing actions created with the ActionTrackerPlugin. The problem is related to the fact that the sequence of the parameters in the edit URL changes randomly. Even within one table containing several actions the sequence can be different from one action to another. Prior versions of Foswiki (tested with 1.1.9) do not show this problem. While the sequence there is also random obviously it doesn't matter. In Foswiki installations from version 2.0.0 on this proplem occurs. The result is either coming up with the correct template or opening with the default template or showing the error message "Bad URL parameters; atp_action is not set". After tracking this issue further down, I found out that the sequence of the parameters "skin", "origin" and "atp_action" is critical while the position of the parameters "t" and "nowysiwyg" in the URL doesn't seem to matter.

This is the result of the permutations of "skin", "origin" and "atp_action"

sequence result
skin, origin, atp_action Bad URL parameters; atp_action is not set
origin, skin, atp_action edit opens with standard template
atp_action, origin, skin edit opens with standard template
origin, atp_action, skin edit opens with standard template
skin, atp_action, origin OK
atp_action, skin, origin OK

-- GerhardHeimlinger - 26 Oct 2015

Originally reported as: ActionTrackerPlugin - Problem editing Actions (broken since Foswiki 2.0.0)

After some discussion on IRC the issue here is a # is slipping through in one of the individual URL parameters.

http://somesite.com/foswiki/bin/edit/Sandbox/CommentPluginExamples?t=1446126138;nowysiwyg=1;atp_action=000001;origin=Sandbox.TestActionTrackerPlugin#Sandbox:CommentPluginExamples:000001;skin=action,natedit,pattern

The # in origin=Sandbox.TestActionTrackerPlugin#Sandbox:CommentPluginExamples:000001; is not encoded, and causes the parameters to be truncated at the # fragment indicator.

The bug was introduced in distro:e47b5ab82087e375c6a1015efc414e55de0e056b as part of unit test fixes.

Right now I'm still guessing, but this is the failing use case:
  • Foswiki::Func::getScriptUrl (called with an array of URL parameters) which calls:
    • Foswiki::getScriptURL(), which calls Foswiki::urlEncode() on each parameter in the array.
      • A special parameter named # is used to generate the fragment at the end of the URL
      • In this use case, # appearing in other parameters must be encoded, or it will generate an broken URL.

-- Main.GeorgeClark - 29 Oct 2015 - 14:05

Crawford, the unit tests pass with this patched to encode #, except for the test that explicitly tests the encoding of url parameters. I don't understand why added # to the list of safe characters. It doesn't appear to be a typo. Do you have any recollection?

-- GeorgeClark - 29 Oct 2015

The RFC is confusing.... but encoding # would seem to be essential

-- Main.CrawfordCurrie - 02 Nov 2015 - 15:54
 

ItemTemplate edit

Summary Foswiki::Func::getScriptUrl() generates broken URL if any parameters contain embedded # characters.
ReportedBy GerhardHeimlinger
Codebase 2.0.2, 2.0.1, 2.0.0
SVN Range
AppliesTo Engine
Component FoswikiFunc
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:4bc7094810ad
TargetRelease patch
ReleasedIn 2.0.3
CheckinsOnBranches master
trunkCheckins
masterCheckins distro:4bc7094810ad
ItemBranchCheckins
Release01x01Checkins
Topic revision: r6 - 16 Nov 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy