[ https://issues.apache.org/jira/browse/OFBIZ-10539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17111112#comment-17111112 ]
ASF subversion and git services commented on OFBIZ-10539: --------------------------------------------------------- Commit d913366851f70b67a3c4c754ac713904a0604002 in ofbiz-framework's branch refs/heads/release17.12 from Pawan Verma [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d913366 ] Fixed: Issue with redirect queryParameters when the user is logged out (OFBIZ-11714) In OFBIZ-10539, We missed removing the line which was adding parameters into the map as Ritesh suggested a good way to handle parameters. I've removed that redundant line of code and attaching a patch for the same. > Issue with opening a page via bookmark when the user is logged out > ------------------------------------------------------------------ > > Key: OFBIZ-10539 > URL: https://issues.apache.org/jira/browse/OFBIZ-10539 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Release Branch 17.12, Trunk > Reporter: Ritesh Kumar > Assignee: Pawan Verma > Priority: Major > Fix For: 18.12.01, 17.12.04 > > Attachments: OFBIZ-10539.patch > > > Please refer to the discussions on > [dev-mailing-list|https://markmail.org/message/zbdjmghgqldxbnbu] > There are issues with opening a bookmarked page when the user is logged out. > Steps to generate: > (Please refer > [Demo-trunk|https://demo-trunk.ofbiz.apache.org/webtools/control/main]) > 1. Open this link, > [FindWorkEffort|https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort]. > Find Work Effort screen will be rendered. > 2. Inspect and change the form method to "GET". > 3. Apply any of the two statuses (say, Cancelled and Declined). Click on Find. > 4. Records will be fetched according to the applied filters. > 5. Check the URL. Cancelled and Declined statuses must be there in the URL. > 6. Bookmark this page and log out. > 7. Now, open the bookmark. > 8. The login page will be rendered. Check the URL here. It will be the same > as it was when the page was being bookmarked. > 9. Type in the credentials and log in. > 10. The result may be different. Check the URL. One of the statuses is gone. > Following are the issues: > The bug here is (supposing the GET method is used) > 1. On opening the bookmark, the page is rendered with double encoding (if the > value had a space character initially, the space character was already > encoded into '+' in the URL and when this bookmark is opened, this '+' is > again encoded). This particular issue cannot be generated from the > above-mentioned steps but it exists. > 2. Suppose the bookmarked URL had multiple values from the same filter (say, > Cancelled and Declined status), it renders with just one of the statutes > applied. It is because the request handler prepares a Map of parameters from > the query string and as is the property of Map to replace the old value if a > new value is being added with the same key (in this example, first Cancelled > status is put in this Map and then Declined), only Declined status is put in > this Map. > What happens is that the request handler prepares a map of query parameters > from the query string and this map is used to create a redirect target. This > redirect target (at this instance having both the above-mentioned issues) is > called upon to render the requested page. -- This message was sent by Atlassian Jira (v8.3.4#803005)