You are here: Foswiki>Tasks Web>Item13903 (08 Feb 2016, GeorgeClark)Edit Attach

Item13903: Redirect for authentication breaks utf8 topic names.

pencil
Priority: Urgent
Current State: Closed
Released In: 2.1.0
Target Release: minor
Applies To: Engine
Component: LoginManager
Branches: master Release02x00 Item13897
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
  • Login with a user that does not have create access on a web.
  • Create a topic using a utf-8 name eg. AaŽuŽu
  • Oops screen reports "To login as another user please do so here." ... click the "here" link, with redirects to the Login page:
    • http://mytestsite/bin/login/Aaaronsweb/Aa%C5%BDu%C5%BDu?foswiki_origin=GET%2cedit%2c/bin/edit/Aaaronsweb/%3ft%3d1451019284%26onlynewtopic%3don%26topic%3dAa%25C5%25BDu%25C5%25BDu%26onlywikiname%3don%26topicparent%3dWebHome%26templatetopic%3d
    • Login as admin
    • Which reports a new oops Attention, WebHome already exists.
    • http://mytestsite/bin/edit/Aaaronsweb/?validation_key=bf3100ae9119b1e6e476e222718f4ce7;t=1451019284;onlynewtopic=on;topic=Aa%25C5%25BDu%25C5%25BDu;onlywikiname=on;topicparent=WebHome;templatetopic=

-- GeorgeClark - 25 Dec 2015

It appears that the URL has been URL-encoded a 2nd time. So the encoded UTF-8 characters %C5%BD were transformed to %25C5%25BD

-- GeorgeClark - 25 Dec 2015

I have a fix, but it doesn't "feel right". The LoginManager in the _packRequest utility needs to urlDecode the uri before packing it, so that it isn't double encoded.
diff --git a/core/lib/Foswiki/LoginManager/TemplateLogin.pm b/core/lib/Foswiki/LoginManager/TemplateLogin.pm
index c28134e..f96361a 100755
--- a/core/lib/Foswiki/LoginManager/TemplateLogin.pm
+++ b/core/lib/Foswiki/LoginManager/TemplateLogin.pm
@@ -61,6 +61,7 @@ sub _packRequest {
     if ( ref($uri) ) {    # first parameter is a $session
         my $r = $uri->{request};
         $uri    = $r->uri();
+        $uri    = Foswiki::urlDecode( $uri );
         $method = $r->method() || 'UNDEFINED';
         $action = $r->action();
     }

-- GeorgeClark - 25 Dec 2015

Yup, that looks spot on. I couldn't find the right place to do this myself, but this looks right.

-- Main.CrawfordCurrie - 28 Dec 2015 - 07:30

 
Topic revision: r6 - 08 Feb 2016, GeorgeClark - This page was cached on 23 Sep 2017 - 17:08.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License