Pawan Verma reassigned OFBIZ-10539:

    Assignee: Pawan Verma  (was: Ritesh Kumar)

> Issue with opening a page via bookmark when the user is logged out
> ------------------------------------------------------------------
>                 Key: OFBIZ-10539
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10539
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk, Release Branch 17.12
>            Reporter: Ritesh Kumar
>            Assignee: Pawan Verma
>            Priority: Major
>         Attachments: OFBIZ-10539.patch
> Please refer to the discussions on 
> [dev-mailing-list|https://markmail.org/message/zbdjmghgqldxbnbu]
> There are issues with opening a bookmarked page when the user is logged out. 
> Steps to generate: 
> (Please refer 
> [Demo-trunk|https://demo-trunk.ofbiz.apache.org/webtools/control/main])
> 1. Open this link, 
> [FindWorkEffort|https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort].
>  Find Work Effort screen will be rendered.
> 2. Inspect and change the form method to "GET".
> 3. Apply any of the two statuses (say, Cancelled and Declined). Click on Find.
> 4. Records will be fetched according to the applied filters. 
> 5. Check the URL. Cancelled and Declined statuses must be there in the URL.
> 6. Bookmark this page and log out.
> 7. Now, open the bookmark.
> 8. The login page will be rendered. Check the URL here. It will be the same 
> as it was when the page was being bookmarked.
> 9. Type in the credentials and log in.
> 10. The result may be different. Check the URL. One of the statuses is gone. 
> Following are the issues: 
> The bug here is (supposing the GET method is used)
> 1. On opening the bookmark, the page is rendered with double encoding (if the 
> value had a space character initially, the space character was already 
> encoded into '+' in the URL and when this bookmark is opened, this '+' is 
> again encoded). This particular issue cannot be generated from the 
> above-mentioned steps but it exists. 
> 2. Suppose the bookmarked URL had multiple values from the same filter (say, 
> Cancelled and Declined status), it renders with just one of the statutes 
> applied. It is because the request handler prepares a Map of parameters from 
> the query string and as is the property of Map to replace the old value if a 
> new value is being added with the same key (in this example, first Cancelled 
> status is put in this Map and then Declined), only Declined status is put in 
> this Map. 
> What happens is that the request handler prepares a map of query parameters 
> from the query string and this map is used to create a redirect target.  This 
> redirect target (at this instance having both the above-mentioned issues) is 
> called upon to render the requested page.  

This message was sent by Atlassian JIRA

Reply via email to