[Functional] Query String URI Component not decoded

oscarngncc / COMP4111_project

COMP4111 project

0 stars 0 forks source link

[Functional] Query String URI Component not decoded #9

Closed elise-ng closed 4 years ago

elise-ng commented 4 years ago

in GeneralHelpers GetParamsMap, query parameters keys and values are not decoded using URLDecoder.decode, which causes escaped characters such as ` (%20`) not handled.

For instance, if a book has special characters in it's information, it is not possible to search that book using the full field: e.g. a book titled Hello World

Database record:

Using keyword hello works:

But keywords hello world or hello%20world would not work and returns 204 no content:

oscarngncc commented 4 years ago

not sure if this is required in the specification since it doesn't mention the requirement of processing escaped characters, and the searching functionality still works outside of that. Though I agree that there's room for improvement!

Will let @comp4111ta to decide. Thanks

elise-ng commented 4 years ago

imho this is pretty clear that the functionality is broken here, we should not expect a user to search with just one word of the information, or that a user would not be able to search a book with its full name 🙃

comp4111ta commented 4 years ago

TA-verified: Valid Security Issues: Data inconsistency