[
https://issues.apache.org/jira/browse/OFBIZ-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14965744#comment-14965744
]
Taher Alkhateeb commented on OFBIZ-1993:
----------------------------------------
This issue is no longer valid because the whole file was refactored in the
below commit from david jones back in 2009
{quote}
r741374 | jonesde | 2009-02-06 05:14:19 +0300 (Fri, 06 Feb 2009) | 10 lines
A few related changes:
Big refactor of ControlServlet, RequestManager, RequestHandler, and
ConfigXMLReader so that simple objects are used instead of Maps within Maps
within Maps for the data from the controller.xml file, which results in
eliminating hundreds of lines of code including the entire RequestHandler
class. I have tested this a lot with different apps that use the
ControlServlet differently, but this is a very big change so there could still
be issues. Based on this cleanup future issues and new features should be
easier and less error prone, and that is why doing it now in order to help with
a number of other improvements and bug fixes that are part of this commit.
Also added redirect-parameter element to go under the request-map -> response
element which allows you to specify which parameters will be passed on in a
redirect instead of using all of them. Also improved default there and in
various places to only include parameters from the URL to avoid issues with
form data, but if the ID to display (like following a crAlso added
redirect-parameter element to go under the request-map -> response element
which allows you to specify which parameters will be passed on in a redirect
instead of using all of them. Also improved default there and in various places
to only include parameters from the URL to avoid issues with form data, but if
the ID to display (like following a crAlso added redirect-parameter element
to go under the request-map -> response element which allows you to specify
which parameters will be passed on in a redirect instead of using all of
them. Also improved default there and in various places to only include
parameters from the URL to avoid issues wd in and also going to the same page
after login from auth=true or from clicking on the login link.
Related to cleaning up login URLs also changed how the request and parameters
passed to a request before a login are saved and used after a login is
successful so that it URL parameters go on the URL in a redirect to the
original request to make it more transparent, and non-URL parameters just stay
in the session and are used when the original request is run again to
avoid putting sensitive information like passwords and big information like
textarea data in the URL, which has been a problem before.
To see what some of these things combined can do try going to the example app,
login, click on the New Example link, then logout in another tab or window,
then go back to the New Example page and enter a name and a whole bunch of
text in the long description then click Create, the system will show you the
login page so enter username/ password, and then after login you'll see
a nice URL to EditExample with the correct exampleId parameter and all of the
data entered before login successfully saved and never appearing in a URL.
{quote}
> LoginWorker.makeLoginUrl doesn't include path info URL parameters
> -----------------------------------------------------------------
>
> Key: OFBIZ-1993
> URL: https://issues.apache.org/jira/browse/OFBIZ-1993
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Trunk
> Reporter: Daniel Rosowski
> Attachments: LoginWorker.patch
>
>
> The LoginWorker.makeLoginUrl method is not including path info parameters
> (e.g. /~name1=value1/~name2=value2/). Instead of using
> request.getParameterNames I'm now using UtilHttp.getParameterMap, which also
> includes the path info params.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
