Dave Howorth wrote:
I've just encountered a problem with the quoting of search strings. I
have a search string with an equals sign in it and it's not getting
quoted properly (so the URL comes out as ...&field=some=text&... ). Has
anybody else come across this, or better yet, fixed it :)
There seem to be a couple of factors that contribute to my problem. To
be specific, I search for the notes field to be like %=%
This is encoded by the browser into the following URL:
http://cpepc210-3/cgi-bin/beer.cgi/brewery/search/?name=¬es=%25%3D%25&url=&search=search
On the search results page, Maypole has tried to set up a corresponding
href value in the column headings but it's got it wrong like this:
http://cpepc210-3/cgi-bin/beer.cgi/brewery/search/?order=notes&page=1¬es=%25=%25
(note that the = hasn't been encoded). The query portion comes directly
from the CGI params in this code in this code in the list template (see
request.params.$name):
[% FOR col = classmetadata.list_columns.list;
NEXT IF col == "id";
"<th>";
SET additional = "?order=" _ col;
SET additional = additional _ "&page=" _
pager.current_page
IF pager;
SET additional = additional _ "&o2=desc"
IF col == request.params.order
and request.params.o2 != "desc";
SET action = "list";
FOR name = classmetadata.columns.list;
IF request.query.$name;
SET additional =
additional _ "&" _ name _ "=" _
request.params.$name;
SET action = "search";
END;
END;
link(classmetadata.table, action, additional,
classmetadata.colnames.$col);
IF col == request.params.order;
IF request.params.o2 != "desc";
"↓";
ELSE;
"↑";
END;
END;
"</th>";
END %]
The link is generated using this code from the macros template:
MACRO link(table, command, additional, label) BLOCK;
SET lnk = base _ "/" _ table _ "/" _ command _ "/" _ additional;
lnk = lnk | uri | html;
'<a href="' _ lnk _ '">';
label;
"</a>";
END;
Clearly the uri filter can't encode an =, because then it would also
encode the equal that separates the field name from the value.
So it appears to me that request.params.$name needs encoding BEFORE it
is added to the 'additional' string. This can be done for example by:
USE HTML ; encoded_value = HTML.url(request.params.$name) ;
But that leads to another problem. The link macro now filters that
through the uri filter, which encodes the % characters in the encoded
value so instead of the '%25%3D%25' that we'd like, we get
'%2525%253D%2525', which is garbage.
So it looks like the link macro also needs fixing. The simplest fix
would just be to remove the uri filter... Does anybody know why it's
there? Does Maypole ever generate anything that needs encoding, apart
from parameters that will now be encoded individually? Can anybody think
of a better, simpler fix? Or have I missed the obvious?
Cheers, Dave
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Maypole-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/maypole-users
