Changeset 33544

Timestamp:

2019-10-03T18:56:15+13:00 (5 years ago)

Author:

ak19

Message:

1. Dr Bainbridge had the correct fix for solr dealing with phrase searching where clicking on a facet then made search results disappear instead of showing the results within that facet. The problem was that double quotes ended up as html entities for ampersanded-quote and therefore didn't get URL encoded for transfer. Fixed now in java-script-global-setup.xsl, where all values gs.cgiParams[key] are taken care of. An additional fix was needed in facet-scripts.js, where makeURLComponentSafe() needed to be applied to each value of gs.cgiParams[] that got used when generating the searchString, notably the s1.query param value where the earlier omission of this step revealed an obvious problem. The facet portion of the URL was already taken care of in previous bugfixes. 3. Added some important comments and links.

Location:

main/trunk/greenstone3/web/interfaces/default

Files:

• js/facet-scripts.js (modified) (2 diffs)
• js/utility_scripts.js (modified) (2 diffs)
• transform/javascript-global-setup.xsl (modified) (1 diff)

main/trunk/greenstone3/web/interfaces/default/js/facet-scripts.js

@@ -15 +15 @@
     for(var key in gs.cgiParams)
     {
-        if (gs.cgiParams.hasOwnProperty(key)) 
-        {
-            searchString += key.replace(/_/g, ".") + "=" + gs.cgiParams[key] + "&";
-        }
+        if (gs.cgiParams.hasOwnProperty(key))
+        {
+        searchString += key.replace(/_/g, ".") + "=" + makeURLComponentSafe(gs.cgiParams[key]) + "&";
+        //console.log("PARAM FOR key " + key + ":" + gs.cgiParams[key]);
+        //console.log("SAFE PARAM FOR " + key + ":" + makeURLComponentSafe(gs.cgiParams[key]));
+        }
     }
     
@@ -32 +34 @@
             // calling makeURLSafe() here will ensure percent signs are escaped away too
             // by the end of makeURLComponentSafe() call below
+            // Note that apostrophe's in URLs should get encoded, https://www.techwalla.com/articles/how-to-encode-an-apostrophe-in-a-url
+            // though the apostrophe is not in that other list of invalid and unsafe chars in urls dealt with in utility_scripts.js         
             countsStringBuffer += "\"" + makeURLSafe(counts[i]).replace(/'/g, "%2527") + "\"";
             if(i < counts.length - 1)

main/trunk/greenstone3/web/interfaces/default/js/utility_scripts.js

@@ -29 +29 @@
      ; / ? : @ = &
      ----->  %3B %2F %3F %3A %40 %3D %26
+  [Now also reserved, but no special meaning yet in URLs (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent)
+  and not required to be enforced yet, so we're aren't at present dealing with these:
+     ! ' ( ) *
+  ]
   Unsafe chars:
      " < > # % { } | \ ^ ~ [ ] ` and SPACE/BLANK
@@ -35 +39 @@
      https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
   Possibly more info: https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid
+
+  And the bottom of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
+  lists additional characters that have been reserved since and which need encoding when in a URL component.
 
   Javascript already provides functions encodeURI() and encodeURIComponent(), see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI

main/trunk/greenstone3/web/interfaces/default/transform/javascript-global-setup.xsl

@@ -34 +34 @@
             <xsl:for-each select="/page/pageRequest/paramList/param">
                 <xsl:text disable-output-escaping="yes">name = "</xsl:text><xsl:value-of select="@name"/><xsl:text disable-output-escaping="yes">";</xsl:text>
-                <xsl:text disable-output-escaping="yes">value = "</xsl:text><xsl:value-of select="util:escapeNewLinesAndQuotes(@value)"/><xsl:text disable-output-escaping="yes">";</xsl:text>
+                <xsl:text disable-output-escaping="yes">value = "</xsl:text><xsl:value-of disable-output-escaping="yes" select="util:escapeNewLinesAndQuotes(@value)"/><xsl:text disable-output-escaping="yes">";</xsl:text>
                 <xsl:text disable-output-escaping="yes">name = name.replace(".", "_");</xsl:text>
-                gs.cgiParams[name] = value;
+                gs.cgiParams[name] = value;             
             </xsl:for-each>
         </script>