On the JavaScript side, when filter_build_rql returns the new RQL, the URL associated with the "bookmark this search" link is updated accordingly. To escape URL parameters such as rql and vid, the standard escape function is used, and it can generate incorrect values. For instance:
escape("Any Y + 10 WHERE X foo Y") ==> "Any%20Y%20+%2010%20WHERE%20X%20foo%20Y"
The + sign is left as is, which is incorrect because + is the escape character for a space in application/x-www-form-urlencoded data. To prevent this, encodeURI and/or encodeURIComponent should be used instead of escape.
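
The round trip described above, as an added example that is not code from the project: each encoder builds the `rql`/`vid` query string, and a form-urlencoded decoder (`URLSearchParams`, standing in for the server) parses it back. The `vid` value and the helper names are assumptions; the run also shows that `encodeURI`, which is meant for whole URLs, leaves `+` unescaped, so only `encodeURIComponent` preserves the parameter.

```javascript
// Constructed sample parameters: the RQL string is the one from the ticket,
// the vid value is a hypothetical view id.
const params = { rql: "Any Y + 10 WHERE X foo Y", vid: "list" };

// Decode a query string the way an application/x-www-form-urlencoded parser
// does: "+" becomes a space, then %XX sequences are decoded.
function serverDecode(query) {
  return Object.fromEntries(new URLSearchParams(query));
}

// Build "k1=v1&k2=v2" using the given encoder for keys and values.
function buildQuery(encode, values) {
  return Object.entries(values)
    .map(([k, v]) => `${encode(k)}=${encode(v)}`)
    .join("&");
}

// Encode, decode, and report whether every parameter came back unchanged.
function roundTrip(encode, values) {
  const query = buildQuery(encode, values);
  const decoded = serverDecode(query);
  const intact = Object.keys(values).every((k) => decoded[k] === values[k]);
  return { query, decoded, intact };
}

const results = {
  escape: roundTrip(escape, params),               // legacy, leaves "+" alone
  encodeURI: roundTrip(encodeURI, params),         // whole-URL encoder, leaves "+" alone
  encodeURIComponent: roundTrip(encodeURIComponent, params), // emits %2B
};

for (const [name, r] of Object.entries(results)) {
  console.log(name.padEnd(20), r.intact ? "ok     " : "CHANGED", r.query);
  if (!r.intact) console.log("  server sees rql =", JSON.stringify(r.decoded.rql));
}
```
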
| priority | normal |
|---|---|
| type | bug |
| appeared in | <not specified> |
| done in | 3.13.8 |
| load | 0.100 |
| load left | 0.000 |
| closed by | #7923:ece4bc9b9314 |

