Foswiki on GitHub is open for business! Next release meeting: Monday September 29, 1300Z

Item10505: Double encoding of formfields when redirected through login

Priority: CurrentState: AppliesTo: Component: WaitingFor:
Normal Closed Engine DataForms, UrlHandling  
Visit System/PerlDoc without a session, and submit a module - Foswiki::Func.

URL becomes
http://foswiki.org/System/PerlDoc?module=Foswiki%3A%3AFunc

Click Login - URL becomes
http://foswiki.org/bin/login/System/PerlDoc?foswiki_origin=GET%2cview%2c/System/PerlDoc%3fmodule%3dFoswiki%253A%253AFunc

Note that the %3A has been encoded to %25%3A

Complete login, Module field has been corrupted to Foswiki%3A%3AFunc

If this were to happen on a longer more complex form with the fields out of view, it seems as though the user could then submit the form and corrupt data without realizing that the form field had changed.

-- GeorgeClark - 18 Mar 2011

With me URL params also get double encoded with form data (not only form fields) after Foswiki::Func::redirectCgiQuery.

-- ArthurClemens - 26 Apr 2011

This appears to have been fixed somewhere along the way in 1.1.4. Marking as waiting for release.

-- GeorgeClark - 03 Nov 2011
 

ItemTemplate edit

Summary Double encoding of formfields when redirected through login
ReportedBy GeorgeClark
Codebase 1.1.3, trunk
SVN Range
AppliesTo Engine
Component DataForms, UrlHandling
Priority Normal
CurrentState Closed
WaitingFor
Checkins
TargetRelease patch
ReleasedIn 1.1.4
Topic revision: r5 - 17 Dec 2011, GeorgeClark
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons License