Why did you change the method to GET? On Fri, Aug 24, 2018, 9:20 AM Ritesh Kumar <[email protected]> wrote:
> Just to put my point more clearly, let me add the steps to generate the > above-mentioned case. Please refer demo-trunk > <https://demo-trunk.ofbiz.apache.org/webtools/control/main>. > > 1. Open this link, FindWorkEffort > <https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort>. > Find Work Effort screen will be rendered. > 2. Inspect and change the form method to "GET". > 3. Apply any of the two statuses (say, Cancelled and Declined). Click on > Find. > 4. Records will be fetched according to the applied filters. > 5. Check the URL. Cancelled and Declined statuses must be there in the URL. > 6. Bookmark this page and log out. > 7. Now, open the bookmark. > 8. The login page will be rendered. Check the URL here. It will be the same > as it was when the page was being bookmarked. > 9. Type in the credentials and log in. > 10. The result may be different. Check the URL. One of the statuses is > gone. > > Due to business requirement, I need to show query parameters in the URL so > that the user is able to bookmark the page. And, we normally pass Id in the > parameters, but, due to some reason, I may have to pass values with space > characters. > > I hope, this demo puts forth my concern. > > > > On Thu, Aug 23, 2018 at 6:27 PM Ritesh Kumar < > [email protected]> > wrote: > > > Hello All, > > > > I faced an issue while trying to open a bookmarked page with OFBiz. > > > > Suppose, the URL of this bookmarked page contains a parameter with > > multiple values and the value may have space character. The query string > in > > the URL looks somewhat like this > > > > > "?categoryHierarchy=3%2FCompany+Catalog%2FBrowse+Root%2FCloths%2FMen%2F"&statusId=approved&statusId=created". > > The "%2F" and "+" are encoded value of "/", a separator and space > > character respectively. The status id parameter appears twice and the > > category hierarchy value has space character. > > > > The user is logged out at this instance and this bookmarked page is > > opened. Since the user is not logged in, the login page is rendered. I > feed > > in the credentials and the intended URL is hit. Here, I do not get the > > required result. > > > > When I check the URL, the parameter with multiple values just has the > last > > value of the list and "+" is encoded into "%2B". The URL now is > > > > > "?categoryHierarchy=3%2FCompany%2BCatalog%2FBrowse%2BRoot%2FCloths%2FMen%2F"&statusId==created." > > > > I did some digging and found out that LoginWorker.checkLogin() comes into > > action and what it does is that it creates a new session object (because > > the previous session becomes invalid) and in the session object, it puts > > the previous URL parameters. This previous URL parameters are fetched > using > > UtilHttp.getUrlOnlyParameterMap(request) which internally calls > > getQueryStringOnlyParameterMap(). This method returns a map by breaking > the > > query string into key and value pair. A map can not have duplicate keys > (in > > this case removes the approved status) and the value is not decoded > before > > putting it into the map ('+' is not decoded). This map is then used to > > create an encoded ('+' is encoded into '%2B' ) redirect target and then > > callRedirect() is called on this new redirect target, ending up with > > unintended URL (inside RequestHandler.doRequest()). > > > > I could resolve this issue by decoding the already encoded value before > > putting it into the Map and if the key is already present in the Map, it > > must create a list of the values. > > > > Am I missing something or is this really a bug and needs to be addressed > > OOTB? > > If this is a bug, is proposed solution the right one? > > > > -- > > Best, > > Ritesh Kumar > > > > >
