Author: sascharodekamp
Date: Tue Oct 2 07:23:35 2012 New Revision: 1392769 URL: http://svn.apache.org/viewvc?rev=1392769&view=rev Log: Bug Fix: No Url encoding for get parameters (https://issues.apache.org/jira/browse/OFBIZ-2628). Thanks Wojciech Szymanowski for the hint. This Patch fixes the problems with parameters from hidden fields sending with POST method and parameters sending during "request-redirect" response type Modified: ofbiz/branches/release12.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java
Modified: ofbiz/branches/release12.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1392769&r1=1392768&r2=1392769&view=diff ==============================================================================
--- ofbiz/branches/release12.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/branches/release12.04/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Tue Oct 2 07:23:35 2012
@@ -58,6 +58,7 @@ import org.ofbiz.webapp.view.ViewFactory
 import org.ofbiz.webapp.view.ViewHandler;
 import org.ofbiz.webapp.view.ViewHandlerException;
 import org.ofbiz.webapp.website.WebSiteWorker;
+import org.owasp.esapi.errors.EncodingException;
 /**
 * RequestHandler - Request Processor Object
@@ -955,32 +956,34 @@ public class RequestHandler {
 value = request.getParameter(from);
 }
- if (UtilValidate.isNotEmpty(value)) {
- if (queryString.length() > 1) {
- queryString.append("&");
- }
- queryString.append(name);
- queryString.append("=");
- queryString.append(value);
- }
+ addNameValuePairToQueryString(queryString, name, (String) value);
 }
 for (Map.Entry<String, String> entry: requestResponse.redirectParameterValueMap.entrySet()) {
 String name = entry.getKey();
 String value = entry.getValue();
- if (UtilValidate.isNotEmpty(value)) {
- if (queryString.length() > 1) {
- queryString.append("&");
- }
- queryString.append(name);
- queryString.append("=");
- queryString.append(value);
- }
+ addNameValuePairToQueryString(queryString, name, (String) value);
 }
 return queryString.toString();
 }
 }
+ private void addNameValuePairToQueryString(StringBuilder queryString, String name, String value) {
+ if (UtilValidate.isNotEmpty(value)) {
+ if (queryString.length() > 1) {
+ queryString.append("&");
+ }
+
+ try {
+ queryString.append(StringUtil.defaultWebEncoder.encodeForURL(name));
+ queryString.append("=");
+ queryString.append(StringUtil.defaultWebEncoder.encodeForURL(value));
+ } catch (EncodingException e) {
+ Debug.logError(e, module);
+ }
+ }
+ }
+
 public String makeLinkWithQueryString(HttpServletRequest request, HttpServletResponse response, String url, ConfigXMLReader.RequestResponse requestResponse) {
 String initialLink = this.makeLink(request, response, url);
 String queryString = this.makeQueryString(request, requestResponse);
Modified: ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java?rev=1392769&r1=1392768&r2=1392769&view=diff ==============================================================================
--- ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java (original)
+++
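Review bot: In the new `addNameValuePairToQueryString`, the `&` separator (and possibly the encoded name) is already appended when `encodeForURL` throws, so a failed encoding leaves a dangling `&` or a bare name fragment in the redirect query string while the parameter is dropped with only a log line. Encode both parts into locals first, e.g. `String encName = StringUtil.defaultWebEncoder.encodeForURL(name);` and the same for `value`, and append the separator and the pair only after both calls succeed. Separately, the `(String) value` cast at the first call site narrows a value that the old code appended as-is; if `value` is declared as `Object` outside this hunk (for example filled from a request attribute), a non-String value now raises `ClassCastException`, which a null-checked `value.toString()` would avoid. The enclosing `makeQueryString` starts outside the hunk, so the declaration of `value` should be confirmed there.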
ofbiz/branches/release12.04/framework/widget/src/org/ofbiz/widget/WidgetWorker.java Tue Oct 2 07:23:35 2012
@@ -283,10 +283,15 @@ public class WidgetWorker {
 for (Map.Entry<String, String> parameter: parameterMap.entrySet()) {
 if (parameter.getValue() != null) {
+ String key = parameter.getKey();
+
 writer.append("<input name=\"");
- writer.append(parameter.getKey());
+ writer.append(key);
 writer.append("\" value=\"");
- writer.append(parameter.getValue());
+
+ String valueFromContext = context.containsKey(key) ?
+ context.get(key).toString() : parameter.getValue();
+ writer.append(valueFromContext);
 writer.append("\" type=\"hidden\"/>");
 }
 } |
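Review bot: `key` and `valueFromContext` are written between the double quotes of the hidden `<input>` attributes with no HTML-attribute encoding, and the value may now come from `context`, which can hold request-derived data; a `"` in either string ends the attribute and lets the remainder be parsed as markup. Encode at the point of output, for example `writer.append(StringUtil.defaultWebEncoder.encodeForHTMLAttribute(valueFromContext));` and likewise for `key`, assuming the ESAPI-backed encoder used in RequestHandler is reachable from this class. In addition, `context.containsKey(key)` is true for a key mapped to null, so `context.get(key).toString()` can throw `NullPointerException`; read the entry once and fall back to `parameter.getValue()` when it is null. The enclosing method starts outside the hunk, so where `context` is populated is not visible here.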
