Closed elise-ng closed 4 years ago
Not sure if this is required in the specification, since it doesn't mention the requirement of processing escaped characters, and the searching functionality still works outside of that. Though I agree that there's room for improvement!
Will let @comp4111ta decide. Thanks
imho this is pretty clear that the functionality is broken here, we should not expect a user to search with just one word of the information, or that a user would not be able to search a book with its full name 🙃
TA-verified: Valid Security Issues: Data inconsistency
In `GeneralHelpers` `GetParamsMap`, query parameter keys and values are not decoded using `URLDecoder.decode`, which causes escaped characters such as ` ` (`%20`) not being handled.
For instance, if a book has special characters in its information, it is not possible to search that book using the full field: e.g. a book titled `Hello World`
Database record:
Using keyword `hello` works:
But keywords `hello world` or `hello%20world` would not work and return `204 no content`:
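The decoding step the issue reports as missing, as an added example that is not the project's code: `QueryParamsExample` and its methods are hypothetical stand-ins for `GetParamsMap`, whose real signature is not shown on this page, and the query strings are constructed. It assumes Java 10+ for `URLDecoder.decode(String, Charset)`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical stand-in for the helper named in the issue.
public class QueryParamsExample {

    // Behaviour the issue describes: keys and values stay percent-encoded,
    // so "hello%20world" never matches the stored title "Hello World".
    static Map<String, String> parseRaw(String query) {
        return parse(query, false);
    }

    // Split on '&' and '=' first, then decode each component, so an encoded
    // %26 or %3D inside a value cannot be mistaken for a separator.
    static Map<String, String> parseDecoded(String query) {
        return parse(query, true);
    }

    private static Map<String, String> parse(String query, boolean decode) {
        Map<String, String> params = new LinkedHashMap<>();
        if (query == null || query.isEmpty()) return params;
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(decode ? dec(key) : key, decode ? dec(value) : value);
        }
        return params;
    }

    private static String dec(String s) {
        // Throws IllegalArgumentException on malformed escapes such as "%2".
        return URLDecoder.decode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String query = "title=hello%20world&author=A%26B"; // constructed sample
        System.out.println("raw:     " + parseRaw(query));
        System.out.println("decoded: " + parseDecoded(query));
        try {
            parseDecoded("title=hello%2"); // constructed malformed input
        } catch (IllegalArgumentException e) {
            System.out.println("malformed escape: reply 400 Bad Request");
        }
    }
}
```

`URLDecoder` follows form encoding, so a literal `+` in the query is also turned into a space; decoded values should still reach the database only through parameterized queries.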