NOTE: If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org to view this page for some minimal testing.
Use Item9693 for docu changes for 1.2 and 2.0.

You are here: Foswiki>Tasks Web>Item10505 (17 Dec 2011, GeorgeClark)

Item10505: Double encoding of formfields when redirected through login

Priority:	CurrentState:	AppliesTo:	Component:	WaitingFor:
Normal	Closed	Engine	DataForms, UrlHandling

Visit System/PerlDoc without a session, and submit a module - Foswiki::Func.

URL becomes

http://foswiki.org/System/PerlDoc?module=Foswiki%3A%3AFunc

Click Login - URL becomes

http://foswiki.org/bin/login/System/PerlDoc?foswiki_origin=GET%2cview%2c/System/PerlDoc%3fmodule%3dFoswiki%253A%253AFunc

Note that the %3A has been encoded to %25%3A

Complete login, Module field has been corrupted to Foswiki%3A%3AFunc

If this were to happen on a longer more complex form with the fields out of view, it seems as though the user could then submit the form and corrupt data without realizing that the form field had changed.

-- GeorgeClark - 18 Mar 2011

With me URL params also get double encoded with form data (not only form fields) after Foswiki::Func::redirectCgiQuery.

-- ArthurClemens - 26 Apr 2011

This appears to have been fixed somewhere along the way in 1.1.4. Marking as waiting for release.

-- GeorgeClark - 03 Nov 2011

ItemTemplate edit

Summary	Double encoding of formfields when redirected through login
ReportedBy	GeorgeClark
Codebase	1.1.3, trunk
SVN Range
AppliesTo	Engine
Component	DataForms, UrlHandling
Priority	Normal
CurrentState	Closed
WaitingFor
Checkins
TargetRelease	patch
ReleasedIn	1.1.4

Topic revision: r5 - 17 Dec 2011, GeorgeClark

Tasks

Submit and Query

Create Task

Developer Tasks

Non Developer Tasks

Developer Tools

Tools

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement.