[
https://issues.apache.org/jira/browse/OFBIZ-10539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17111112#comment-17111112
]
ASF subversion and git services commented on OFBIZ-10539:
---------------------------------------------------------
Commit d913366851f70b67a3c4c754ac713904a0604002 in ofbiz-framework's branch
refs/heads/release17.12 from Pawan Verma
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d913366 ]
Fixed: Issue with redirect queryParameters when the user is logged out
(OFBIZ-11714)
In OFBIZ-10539, We missed removing the line which was adding parameters into
the map as Ritesh suggested a good way to handle parameters. I've removed that
redundant line of code and attaching a patch for the same.
> Issue with opening a page via bookmark when the user is logged out
> ------------------------------------------------------------------
>
> Key: OFBIZ-10539
> URL: https://issues.apache.org/jira/browse/OFBIZ-10539
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 17.12, Trunk
> Reporter: Ritesh Kumar
> Assignee: Pawan Verma
> Priority: Major
> Fix For: 18.12.01, 17.12.04
>
> Attachments: OFBIZ-10539.patch
>
>
> Please refer to the discussions on
> [dev-mailing-list|https://markmail.org/message/zbdjmghgqldxbnbu]
> There are issues with opening a bookmarked page when the user is logged out.
> Steps to generate:
> (Please refer
> [Demo-trunk|https://demo-trunk.ofbiz.apache.org/webtools/control/main])
> 1. Open this link,
> [FindWorkEffort|https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort].
> Find Work Effort screen will be rendered.
> 2. Inspect and change the form method to "GET".
> 3. Apply any of the two statuses (say, Cancelled and Declined). Click on Find.
> 4. Records will be fetched according to the applied filters.
> 5. Check the URL. Cancelled and Declined statuses must be there in the URL.
> 6. Bookmark this page and log out.
> 7. Now, open the bookmark.
> 8. The login page will be rendered. Check the URL here. It will be the same
> as it was when the page was being bookmarked.
> 9. Type in the credentials and log in.
> 10. The result may be different. Check the URL. One of the statuses is gone.
> Following are the issues:
> The bug here is (supposing the GET method is used)
> 1. On opening the bookmark, the page is rendered with double encoding (if the
> value had a space character initially, the space character was already
> encoded into '+' in the URL and when this bookmark is opened, this '+' is
> again encoded). This particular issue cannot be generated from the
> above-mentioned steps but it exists.
> 2. Suppose the bookmarked URL had multiple values from the same filter (say,
> Cancelled and Declined status), it renders with just one of the statutes
> applied. It is because the request handler prepares a Map of parameters from
> the query string and as is the property of Map to replace the old value if a
> new value is being added with the same key (in this example, first Cancelled
> status is put in this Map and then Declined), only Declined status is put in
> this Map.
> What happens is that the request handler prepares a map of query parameters
> from the query string and this map is used to create a redirect target. This
> redirect target (at this instance having both the above-mentioned issues) is
> called upon to render the requested page.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
