Item10505: Double encoding of formfields when redirected through login
Current State: Closed
Released In: 1.1.4
Target Release: patch
Visit System/PerlDoc without a session, and submit a module - Foswiki::Func.
Click Login - URL becomes
Note that the %3A has been encoded to %25%3A
Complete login, Module field has been corrupted to Foswiki%3A%3AFunc
If this were to happen on a longer more complex form with the fields out of view, it seems as though the user could then submit the form and corrupt data without realizing that the form field had changed.
- 18 Mar 2011
With me URL params also get double encoded with form data (not only form fields) after
- 26 Apr 2011
This appears to have been fixed somewhere along the way in 1.1.4. Marking as waiting for release.
- 03 Nov 2011