OFBiz OFBiz - Dev

[jira] [Commented] (OFBIZ-5904) "Value" attribute of hidden form field is overridden by same name value in context

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (OFBIZ-5904) "Value" attribute of hidden form field is overridden by same name value in context

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14240862#comment-14240862 ]

Leon commented on OFBIZ-5904:
-----------------------------

In my patch, use URLEncoder.encode while rendering a link, and use StringUtil.htmlEncoder.encode while rendering a form field.

> "Value" attribute of hidden form field is overridden by same name value in context
> ----------------------------------------------------------------------------------
>
>                 Key: OFBIZ-5904
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5904
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Leon
>             Fix For: Trunk
>
>         Attachments: OFBIZ-5904.patch
>
>
> e.g.
> {quote}
> <field ...>
>   <hyperlink target="..." link-type="hidden-form" >
>      <parameter param-name="partyId" value="Company" />
>      ...
>   </hyperlink>
> </field>
> {quote}
> If there's a "partyId" key in context, then, the value set here will be overridden.
> This problem is caused by commit [r1392766|https://fisheye6.atlassian.com/changelog/ofbiz?cs=1392766] :
> {quote}
>          for (Map.Entry<String, String> parameter: parameterMap.entrySet()) {
>              if (parameter.getValue() != null) {
> +                String key = parameter.getKey();
> +
>                  writer.append("<input name=\"");
> -                writer.append(parameter.getKey());
> +                writer.append(key);
>                  writer.append("\" value=\"");
> -                writer.append(parameter.getValue());
> +
> +                String valueFromContext = context.containsKey(key) ?
> +                        context.get(key).toString() : parameter.getValue();
> +                writer.append(valueFromContext);
>                  writer.append("\" type=\"hidden\"/>");
>              }
>          }
> {quote}
> In this commit, it got context value in preceding of "value" attribute. It's not  reasonable.
> This defect mentioned above was caused by trying fix the problem introduced by commit [1298454|https://fisheye6.atlassian.com/changelog/ofbiz?cs=1298454]:
> {quote}
> -                return this.value.expandString(context);
> +                try {
> +                    return URLEncoder.encode(this.value.expandString(context), Charset.forName("UTF-8").displayName());
> +                } catch (UnsupportedEncodingException e) {
> +                    Debug.logError(e, module);
> +                    return this.value.expandString(context);
> +                }
> {quote}
> In this commit, it called URLEncoder.encode to encode parameter value no matter where the value would be used. Actually, if use this value as the "value" attribute of html form field, it should be encoded by HtmlEncoder not URLEncoder.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Free forum by Nabble Edit this page