chenejac / VIVOTestMigration

0 stars 0 forks source link

VIVO-1989: Entering blank value for preferred title redirects to an address outside the application context #1872

Closed chenejac closed 3 years ago

chenejac commented 3 years ago

Brian Lowe (Migrated from VIVO-1989) said:

If vivo is deployed at localhost:8080/vivo, entering a blank value for a preferred title will redirect to /editRequestDispatch?blahblah instead of /vivo/editRequestDispatch?blahblah.  Manually restoring the missing /vivo/ path part shows the expected validation error message.

 

Oddly enough, this does not seem to affect other edit forms.

chenejac commented 3 years ago

Brian Lowe said:

This is a bizarre thing in templates/freemarker/lib/lib-properties.ftl and templates/freemarker/lib/lib-properties_fr_CA.ftl .

Extra parameters are appended to the edit links for certain properties, but they are not URL encoded.  This causes RedirectResponseValues.getRedirectUrl() to see the substring "://" as part of the URL and think that it is an external redirect.

For now, the appended parameters need to be URL encoded.  Later, this stuff also needs to get moved out of Vitro.  And getRedirectUrl() should probably treat only strings that start "http://" or "https://" as external redirects.

chenejac commented 3 years ago

Brian Lowe said:

Vitro and Vitro-languages pull requests:

[https://github.com/vivo-project/Vitro/pull/235]

[https://github.com/vivo-project/Vitro-languages/pull/48/]