Evergreen

CGI params starting with "copy" cause problems

Bug #1917951 reported by Mike Rylander
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Evergreen
Status tracked in Main
3.3
Won't Fix
Undecided
Unassigned
3.4
Won't Fix
Undecided
Unassigned
3.5
Won't Fix
Undecided
Unassigned
3.6
Invalid
Undecided
Unassigned
3.7
Invalid
Undecided
Unassigned
Main
Invalid
Medium
Unassigned

Bug Description

In recent browsers, it seems that a CGI parameter that starts with "copy" and is not the first parameter, and is therefore preceded by an ampersand, is translated to a copyright character when the browser sends the URL to the server. This is ungood.

Forthcoming is a branch that changes the "copy" portion of copy_limit, copy_offset, copy_depth, and copy_id to "cp" instead. Only the templates (which generate and read the parameters) and two mod_perl modules (which read the parameters) are changed.

Tags: pullrequest
Revision history for this message
Mike Rylander (mrylander) wrote :

Branch available here:

https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/miker/lp-1917951-rename-copy_blah-cgi-params

tags: added: pullrequest
Revision history for this message
Jason Boyer (jboyer) wrote :

Mike, where are you seeing this happening? This should have gotten significantly better with the closing of bug 1914116 but if there are other places it's popping up the right fix is likely sprinkling some more "| html" (or similar) about.

Revision history for this message
Jason Stephenson (jstephenson) wrote :

The code from bug 1687545 was reverted in an attempt to address this issue.

Can someone please confirm if that did, indeed, address this problem.

Revision history for this message
Jason Boyer (jboyer) wrote :

Reverting 1687545 did indeed fix this issue; marking bug invalid as the correct fix to bug 1687545 would html-encode these parameters anyway, avoiding this problem.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.