ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (OFBIZ-5953) Problem with new UtilCodec code caused by HTMLEntityCodec.decode()
Date Thu, 02 Jul 2015 12:10:04 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-5953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14321737#comment-14321737

Jacques Le Roux edited comment on OFBIZ-5953 at 7/2/15 12:09 PM:

Thanks Jacopo, excellent article!

I meant this one http://security.coverity.com/blog/2013/Nov/to-escape-or-not-to-escape-that-is-the-question.html
suggested in OFBIz-5910

was (Author: jacques.le.roux):
Thanks Jacopo, excellent article!

> Problem with new UtilCodec code caused by HTMLEntityCodec.decode()
> ------------------------------------------------------------------
>                 Key: OFBIZ-5953
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5953
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Christian Carlow
>             Fix For: 14.12.01, Upcoming Branch
> From Adrian on ML:
> When I navigate to https://localhost:8443/accounting/control/paymentOverview?paymentId=8004
many exceptions are thrown and the screen fails to render.  I tried changing WidgetWorker.java
line 74 to localRequestName = UtilCodec.canonicalize(localRequestName, false, false); which
fixed the exceptions, but the generated link is wrong.  I don't know how to fix it.
> Errors related to this class are also thrown at accounting/control/invoiceOverview. 
Setting a breakpoint at line 167 of UtilCodec.java shows that 2 HTMLEntityCodec.decode calls
transforms the URL from
> EditAcctgTrans?acctgTransId=10070&amp;organizationPartyId=10010 to
> EditAcctgTrans?acctgTransId=10070&organizationPartyId=10010 to
> EditAcctgTrans?acctgTransId=10070∨ganizationPartyId=10010.
> Not sure if the error is in class UtilCode or HTMLEntityCodec.

This message was sent by Atlassian JIRA

View raw message