Just to put my point more clearly, let me add the steps to generate the above-mentioned case. Please refer demo-trunk <https://demo-trunk.ofbiz.apache.org/webtools/control/main>.
1. Open this link, FindWorkEffort <https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort>. Find Work Effort screen will be rendered. 2. Inspect and change the form method to "GET". 3. Apply any of the two statuses (say, Cancelled and Declined). Click on Find. 4. Records will be fetched according to the applied filters. 5. Check the URL. Cancelled and Declined statuses must be there in the URL. 6. Bookmark this page and log out. 7. Now, open the bookmark. 8. The login page will be rendered. Check the URL here. It will be the same as it was when the page was being bookmarked. 9. Type in the credentials and log in. 10. The result may be different. Check the URL. One of the statuses is gone. Due to business requirement, I need to show query parameters in the URL so that the user is able to bookmark the page. And, we normally pass Id in the parameters, but, due to some reason, I may have to pass values with space characters. I hope, this demo puts forth my concern. On Thu, Aug 23, 2018 at 6:27 PM Ritesh Kumar <[email protected]> wrote: > Hello All, > > I faced an issue while trying to open a bookmarked page with OFBiz. > > Suppose, the URL of this bookmarked page contains a parameter with > multiple values and the value may have space character. The query string in > the URL looks somewhat like this > > "?categoryHierarchy=3%2FCompany+Catalog%2FBrowse+Root%2FCloths%2FMen%2F"&statusId=approved&statusId=created". > The "%2F" and "+" are encoded value of "/", a separator and space > character respectively. The status id parameter appears twice and the > category hierarchy value has space character. > > The user is logged out at this instance and this bookmarked page is > opened. Since the user is not logged in, the login page is rendered. I feed > in the credentials and the intended URL is hit. Here, I do not get the > required result. > > When I check the URL, the parameter with multiple values just has the last > value of the list and "+" is encoded into "%2B". The URL now is > > "?categoryHierarchy=3%2FCompany%2BCatalog%2FBrowse%2BRoot%2FCloths%2FMen%2F"&statusId==created." > > I did some digging and found out that LoginWorker.checkLogin() comes into > action and what it does is that it creates a new session object (because > the previous session becomes invalid) and in the session object, it puts > the previous URL parameters. This previous URL parameters are fetched using > UtilHttp.getUrlOnlyParameterMap(request) which internally calls > getQueryStringOnlyParameterMap(). This method returns a map by breaking the > query string into key and value pair. A map can not have duplicate keys (in > this case removes the approved status) and the value is not decoded before > putting it into the map ('+' is not decoded). This map is then used to > create an encoded ('+' is encoded into '%2B' ) redirect target and then > callRedirect() is called on this new redirect target, ending up with > unintended URL (inside RequestHandler.doRequest()). > > I could resolve this issue by decoding the already encoded value before > putting it into the Map and if the key is already present in the Map, it > must create a list of the values. > > Am I missing something or is this really a bug and needs to be addressed > OOTB? > If this is a bug, is proposed solution the right one? > > -- > Best, > Ritesh Kumar > >
