[Koha-bugs] [Bug 22223] New: Item url double-encode when parameter is an encoded URL
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jan 29 06:14:25 CET 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22223
Bug ID: 22223
Summary: Item url double-encode when parameter is an encoded
URL
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: OPAC
Assignee: oleonard at myacpl.org
Reporter: dcook at prosentient.com.au
QA Contact: testopia at bugs.koha-community.org
Target Milestone: ---
The following use of the "url" filter is problematic:
[% IF Koha.Preference("OPACURLOpenInNewWindow") %]
<a target="_blank" rel="noreferrer" href="[% ITEM_RESULT.uri | url %]"
property="url">[% ITEM_RESULT.uri | html %]</a>
[% ELSE %]
<a href="[% ITEM_RESULT.uri | url %]" property="url">[% ITEM_RESULT.uri | html
%]</a>
[% END %]
If ITEM_RESULT.uri is
"https://idp.com?redirect_url=https%3A%2F%2Fsomewhere_else.com", then the
percent signs in the argument to the "redirect_url" parameters will be encoded
incorrectly and the result will be
"https://idp.com?redirect_url=https%253A%252F%252Fsomewhere_else.com", which is
obviously an invalid URL.
Can we really expect that no one will ever include a URL with URI encoded
parameters?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list