Hello All,
I faced an issue while trying to open a bookmarked page with OFBiz.
Suppose the URL of this bookmarked page contains a parameter with multiple
values, and the value may have a space character. The query string in the URL
looks somewhat like this:
"?categoryHierarchy=3%2FCompany+Catalog%2FBrowse+Root%2FCloths%2FMen%2F"&statusId=approved&statusId=created".
The "%2F" and "+" are the encoded values of "/" (a separator) and the space
character, respectively. The status id parameter appears twice and the
category hierarchy value has a space character.
The user is logged out at this instance and this bookmarked page is opened.
Since the user is not logged in, the login page is rendered. I feed in the
credentials and the intended URL is hit. Here, I do not get the required
result.
When I check the URL, the parameter with multiple values just has the last
value of the list and "+" is encoded into "%2B". The URL now is
"?categoryHierarchy=3%2FCompany%2BCatalog%2FBrowse%2BRoot%2FCloths%2FMen%2F"&statusId==created."
I did some digging and found out that LoginWorker.checkLogin() comes into
action and what it does is that it creates a new session object (because
the previous session becomes invalid) and in the session object, it puts
the previous URL parameters. These previous URL parameters are fetched using
UtilHttp.getUrlOnlyParameterMap(request) which internally calls
getQueryStringOnlyParameterMap(). This method returns a map by breaking the
query string into key and value pairs. A map cannot have duplicate keys (in
this case removes the approved status) and the value is not decoded before
putting it into the map ('+' is not decoded). This map is then used to
create an encoded ('+' is encoded into '%2B' ) redirect target and then
callRedirect() is called on this new redirect target, ending up with
an unintended URL (inside RequestHandler.doRequest()).
I could resolve this issue by decoding the already encoded value before
putting it into the Map and if the key is already present in the Map, it
must create a list of the values.
Am I missing something or is this really a bug and needs to be addressed
OOTB?
If this is a bug, is the proposed solution the right one?
--
Best,
Ritesh Kumar
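
The round trip described in the message above, as an added example that is not OFBiz code and not part of the original post: a last-value-wins parse of raw values beside a parse that decodes once and keeps repeated keys as a list, then re-encodes once for the redirect target. The class and method names are hypothetical, the query string is the one from the post with the stray quote character left out, and the `Charset` overloads of `URLDecoder`/`URLEncoder` assume Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class QueryStringRoundTrip {
    // Behaviour described in the post: raw values, a repeated key keeps only its last value.
    static Map<String, String> parseLossy(String query) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) params.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        return params;
    }

    // Proposed fix: decode once on the way in and collect repeated keys into a list.
    static Map<String, List<String>> parseDecoded(String query) {
        Map<String, List<String>> params = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 1) continue; // skip empty or nameless pairs in this sketch
            String name = URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8);
            String value = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
        return params;
    }

    // Encode exactly once on the way out, emitting one name=value pair per list entry.
    static String rebuild(Map<String, List<String>> params) {
        StringJoiner out = new StringJoiner("&");
        params.forEach((name, values) -> values.forEach(value -> out.add(
            URLEncoder.encode(name, StandardCharsets.UTF_8) + "="
                + URLEncoder.encode(value, StandardCharsets.UTF_8))));
        return out.toString();
    }

    public static void main(String[] args) {
        // Query string from the post, with the stray quote character left out.
        String query = "categoryHierarchy=3%2FCompany+Catalog%2FBrowse+Root%2FCloths%2FMen%2F"
            + "&statusId=approved&statusId=created";
        System.out.println("lossy:   " + parseLossy(query));
        Map<String, List<String>> decoded = parseDecoded(query);
        System.out.println("decoded: " + decoded);
        String rebuilt = rebuild(decoded);
        System.out.println("rebuilt: " + rebuilt);
        System.out.println("round trip preserved: " + rebuilt.equals(query));
    }
}
```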