MyFaces CODI
  1. MyFaces CODI
  2. EXTCDI-87

ExternalContext.encodeActionUrl() must not be used for URL parameter values

    Details

      Description

      Currently there are some places where we're using ExternalContext.encodeActionUrl(). Sometimes the value is a whole URL - in this case encodeActionUrl() fits. However sometimes we're using it to encode a URL parameter value, which is wrong, because this method is designed to encode the final URL including all parameters and thus does not encode parameter values as expected.

      The right way is to use URLEncoder.encode() for URL parameter values. See MyFaces' ExternalContext impl for details: ServletExternalContextImpl.encodeURL().

        Activity

        Jakob Korherr created issue -
        Jakob Korherr made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 0.9.1 [ 12315555 ]
        Resolution Fixed [ 1 ]
        Gerhard Petracek made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        1h 4m 1 Jakob Korherr 27/Nov/10 10:09
        Resolved Resolved Closed Closed
        13d 14h 38m 1 Gerhard Petracek 11/Dec/10 00:47

          People

          • Assignee:
            Jakob Korherr
            Reporter:
            Jakob Korherr
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development