projects / evergreen / pines.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d9fac3e)
Force-encode CGI param values to prevent decode errors
authorBill Erickson <berick@esilibrary.com>
Thu, 11 Aug 2011 20:25:50 +0000 (16:25 -0400)
committerBill Erickson <berick@esilibrary.com>
Thu, 11 Aug 2011 20:25:50 +0000 (16:25 -0400)
CGI.pm decode()'s parameter values, so if it encounters a value that
is already decoded, it will croak and kill the page.  Proactively encode
paramter values so decode() won't fail.

The better solution may be to determine how we get such data, but
until then, let's allow the t-pac to work on funky data.

Signed-off-by: Bill Erickson <berick@esilibrary.com>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGWeb.pm patch | blob | history
Open-ILS/web/templates/default/opac/parts/header.tt2 patch | blob | history

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGWeb.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGWeb.pm
index 33a5dbb..8226be7 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGWeb.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGWeb.pm
@@ -4,6 +4,7 @@ use Template;
 use XML::Simple;
 use XML::LibXML;
 use File::stat;
+use Encode;
 use Apache2::Const -compile => qw(OK DECLINED HTTP_INTERNAL_SERVER_ERROR);
 use Apache2::Log;
 use OpenSRF::EX qw(:try);
@@ -68,6 +69,8 @@ sub handler {
         }
     });
 
+    $ctx->{encode_utf8} = sub {return encode_utf8(shift())};
+
     unless($tt->process($template, {ctx => $ctx, ENV => \%ENV, l => $text_handler})) {
         $r->log->warn('egweb: template error: ' . $tt->error);
         return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
diff --git a/Open-ILS/web/templates/default/opac/parts/header.tt2 b/Open-ILS/web/templates/default/opac/parts/header.tt2
index 9b9132c..1298754 100644 (file)
--- a/Open-ILS/web/templates/default/opac/parts/header.tt2
+++ b/Open-ILS/web/templates/default/opac/parts/header.tt2
@@ -52,7 +52,11 @@
 
         # apply user params
         FOR k IN params.keys;
-            foo = cgi.param("-name", k, "-values", params.$k); 
+            encoded = [];
+            list = params.$k.0 ? params.$k : [params.$k];
+            # CGI croaks on already-decoded strings.  force-encode to be safe
+            FOR p IN list; encoded.push(ctx.encode_utf8(p)); END;
+            foo = cgi.param("-name", k, "-values", encoded);
         END;
 
         # for url brevity, remove any params that have no value
@@ -62,7 +66,11 @@
         END;
 
         IF page;
-            page _ '?' _ cgi.query_string;
+            IF cgi.query_string;
+                page _ '?' _ cgi.query_string;
+            ELSE;
+                page;
+            END;
         ELSE;
             cgi.url("-path" => 1, "-query" => 1);
         END;
Evergreen working repo (PINES)