[ 
https://issues.apache.org/jira/browse/OFBIZ-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14240862#comment-14240862
 ] 

Leon commented on OFBIZ-5904:
-----------------------------

In my patch, I use URLEncoder.encode while rendering a link, and 
StringUtil.htmlEncoder.encode while rendering a form field. 

> "Value" attribute of hidden form field is overridden by same name value in 
> context
> ----------------------------------------------------------------------------------
>
>                 Key: OFBIZ-5904
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5904
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Leon
>             Fix For: Trunk
>
>         Attachments: OFBIZ-5904.patch
>
>
> e.g. 
> {quote}
> <field ...>
>   <hyperlink target="..." link-type="hidden-form" >
>      <parameter param-name="partyId" value="Company" />
>      ...
>   </hyperlink>
> </field>
> {quote}
> If there's a "partyId" key in the context, then the value set here will be 
> overridden.
> This problem is caused by commit 
> [r1392766|https://fisheye6.atlassian.com/changelog/ofbiz?cs=1392766] :
> {quote}
>          for (Map.Entry<String, String> parameter: parameterMap.entrySet()) {
>              if (parameter.getValue() != null) {
> +                String key = parameter.getKey();
> +
>                  writer.append("<input name=\"");
> -                writer.append(parameter.getKey());
> +                writer.append(key);
>                  writer.append("\" value=\"");
> -                writer.append(parameter.getValue());
> +
> +                String valueFromContext = context.containsKey(key) ?
> +                        context.get(key).toString() : parameter.getValue();
> +                writer.append(valueFromContext);
>                  writer.append("\" type=\"hidden\"/>");
>              }
>          }
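Review bot: the `context.containsKey(key) ? context.get(key).toString() : parameter.getValue()` lookup lets any context entry with the same name win over the value configured on the parameter, and it throws a NullPointerException when the key is present with a null value. Suggest keeping `parameter.getValue()` as the source, and since the result is appended inside `value=\"...\"`, HTML-encoding it before `writer.append`.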
> {quote}
> In this commit, the context value takes precedence over the "value" 
> attribute. That is not reasonable.
> The defect mentioned above was caused by trying to fix the problem introduced 
> by commit [1298454|https://fisheye6.atlassian.com/changelog/ofbiz?cs=1298454]:
> {quote}
> -                return this.value.expandString(context);
> +                try {
> +                    return 
> URLEncoder.encode(this.value.expandString(context), 
> Charset.forName("UTF-8").displayName());
> +                } catch (UnsupportedEncodingException e) {
> +                    Debug.logError(e, module);
> +                    return this.value.expandString(context);
> +                }
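Review bot: the catch branch returns `this.value.expandString(context)` unencoded, so an encoding failure silently emits the raw value; after `Debug.logError` it should fail closed (rethrow or return an empty string) rather than fall back. The charset argument should be the literal "UTF-8" or `Charset.forName("UTF-8").name()`, since `displayName()` returns a human-readable, locale-dependent name, and encoding inside this getter commits every caller to URL encoding whatever the output context is.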
> {quote}
> In this commit, URLEncoder.encode is called to encode the parameter value no 
> matter where the value will be used. Actually, if this value is used as the 
> "value" attribute of an HTML form field, it should be encoded by HtmlEncoder, 
> not URLEncoder.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
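
The distinction drawn in the comment above, as an added example (this is not the attached OFBIZ-5904.patch and not OFBiz code): the same parameter map rendered once into a link and once into hidden form fields, each with the encoder for its output context, and with the configured value never replaced from a context map. The class name, `htmlAttr` (a stand-in for an HTML encoder), the target path and the sample values are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class ParameterRenderingExample {

    // Hypothetical stand-in for an HTML encoder: escapes the characters that
    // can break out of a quoted attribute value. '&' must be replaced first.
    static String htmlAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Link rendering: values land in a query string, so URL-encode each one,
    // then HTML-encode the finished URL because it sits inside href="...".
    static String renderLink(String target, Map<String, String> params)
            throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder(target);
        char sep = '?';
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (p.getValue() == null) continue;
            url.append(sep).append(URLEncoder.encode(p.getKey(), "UTF-8"))
               .append('=').append(URLEncoder.encode(p.getValue(), "UTF-8"));
            sep = '&';
        }
        return "<a href=\"" + htmlAttr(url.toString()) + "\">link</a>";
    }

    // Hidden-form rendering: values land in an HTML attribute, so HTML-encode
    // them. URL encoding here would submit "R%26D" instead of "R&D".
    static String renderHiddenFields(Map<String, String> params) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (p.getValue() == null) continue;
            sb.append("<input name=\"").append(htmlAttr(p.getKey()))
              .append("\" value=\"").append(htmlAttr(p.getValue()))
              .append("\" type=\"hidden\"/>");
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("partyId", "Company");
        params.put("note", "R&D \"lab\" <1>"); // constructed sample value
        System.out.println(renderLink("/control/viewParty", params)); // constructed target
        System.out.println(renderHiddenFields(params));
    }
}
```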
