URL Encoding Problem

hugo · April 23, 2021, 10:51am

Hello all,
I’m migrating a xwiki server, and I see a difference on links generated by the same code:
$response.sendRedirect($xwiki.getURL($targetDocName, ‘inline’, “template=${request.template}&parent=$escapetool.url(${docParent})&title=$escapetool.url($docName)$!{defaultId}&sessionReview=${request.itemSession}”))

On server with version 6.3 the link was
xwiki/bin/inline/HOME/FORM-RG_LogoML_SC_DOS-809761?template=Code.FormuleRGEditTemplate&parent=HOME.RG_LogoML_SC_DOS&title=FORM%2DRG_LogoML_SC_DOS%2D809761&sessionReview=$%7BitemSession%7D

Now on version 12.10.4 the same code generates the link
xwiki/bin/inline/HOME/FORM-RG_LogoML_SC_DOS-809761?template=Code.FormuleRGEditTemplate&parent=HOME.RG_LogoML_SC_DOS&title=FORM-RG_LogoML_SC_DOS-809761&sessionReview=${itemSession}

This means the url link is not beeing encoded like “-” should be “%2D” and “{” should be “%7B”

Is the function getURL() that changed between versions and I’ve to adapt the code, or is something else ?

Thank for your time

hugo · April 27, 2021, 3:31pm

Does anyone can help me?

tmortagne · April 27, 2021, 3:46pm

I don’t think you really need to encode - in a URL, so the previous version was actually encoding too much it seems.

I don’t see anything in your code to encode this value, so the current behavior make sense and what I don’t understand is your previous behavior. You should use $escapetool.url(${request.itemSession}) to make sure the value of the itemSession request parameter is properly escaped (and same for any variable for which you don’t really know what it’s going to contain).

hugo · April 28, 2021, 9:09am

Hello,
thank you for your input.

In fact the $escapetool.url(${request.itemSession}) works, it solved.
There should be a difference between versions on the way the encode is done.

Thank you very much