Changeset 33016 for main/trunk/greenstone3/web/interfaces/default/js/facet-scripts.js

Timestamp:

2019-04-17T20:26:03+12:00 (5 years ago)

Author:

ak19

Message:

Getting facet searching working again in tomcat 8, where it had broken due to reserved and unsafe chars in the URL. The fix required using the recent makeURLSafe() and makeURLComponentSafe() methods in facet-scripts.js. This meant that these functions and their helper functions needed to be moved into their own script file, newly introducing utility_scripts.js, rather than remain in document_scripts.js since doc_scripts.js is not included on the query.xsl page which includes facet-scripts.js

File:

• main/trunk/greenstone3/web/interfaces/default/js/facet-scripts.js (modified) (2 diffs)

main/trunk/greenstone3/web/interfaces/default/js/facet-scripts.js

@@ -21 +21 @@
     }
     
-    var countsString = "s1.facetQueries=&";
+    var countsString = "s1.facetQueries=";
     if(counts.length > 0)
     {
-        countsString = "s1.facetQueries=[";
-        var countsStringBuffer = "";
+        var countsStringBuffer = "[";
         for(var i = 0; i < counts.length; i++)
         {
             // escape any apostrophes in facet query terms
             // (ext/solr's Greenstone3SearchHandler does the other half of handling them)
-            countsStringBuffer += "\"" + encodeURI(counts[i]).replace(/'/g, "%2527") + "\"";
+            //countsStringBuffer += "\"" + encodeURI(counts[i]).replace(/'/g, "%2527") + "\"";
+            // calling makeURLSafe() here will ensure percent signs are escaped away too
+            // by the end of makeURLComponentSafe() call below
+            countsStringBuffer += "\"" + makeURLSafe(counts[i]).replace(/'/g, "%2527") + "\"";
             if(i < counts.length - 1)
             {
@@ -37 +39 @@
         }
         
-        countsString += encodeURI(countsStringBuffer) + "]&";
+        countsStringBuffer += "]";
+
+        // We need to ensure that the *value* of s1.facetQueries (so everything after
+        // s1.facetQueries= and before the connecting &) are safe, which requires escaping,
+        // and are further also escaped to not be mistaken for their reserved meaning.
+        // : is a reserved character in URLs, [] are unsafe characters. All need escaping.
+        // So call makeURLComponentSafe(), not makeURLSafe()
+        countsString = countsString + makeURLComponentSafe(countsStringBuffer, 1);
     }
     
-    console.log("STRING IS " + countsString)
+    countsString += "&";
+    console.log("STRING IS " + countsString);
     
     $.ajax(gs.xsltParams.library_name + "/collection/" + gs.cgiParams.c + "/search/" + gs.cgiParams.s + "?" + searchString + countsString + "excerptid=resultsArea")