In fixing
Item2650, I noticed that from the form
<form name="newtopic" action="%SCRIPTURLPATH{"edit"}%/%WEB%/">
<input type="hidden" name="formtemplate" value="TestForm" />
New topic name <input type="hidden" name="topic" value="FormInitXXXXXXXXXXX" />
<input type="hidden" name="OperatingSystem" value="OsMacOS,OsSolaris" />
<input type="submit" class="twikiSubmit" value="Create" />
</form>
the value of field
OperatingSystem
was
OsMacOS%2COSSolaris
. In
lib/TWiki/Form.pm
, we tend to look for "
,
", not for
%2C
. I don't know why the
%2C
shows up in the field, but we might want to check whether there are areas that could bite us here.
In the fix discussed, I explicitly put a check for both the comma and
%2C
, but there are no other places in
lib/TWiki/Form.pm
where this is done.
The value
where? The encoding/decoding of parameters in POSTs should be hidden entirely in CGI. If an encoding is leaking into the code, there may be a problem in CGI...
CC
I am not sure I understand the question... I had to explicitly put a check in the code to look for the encoded comma which does not seem to be good.... --
TW
No, it doesn't sound good. Can you describe a testcase? I can't reproduce this....
CC
Thomas, any chance of that testcase? Otherwise I'm going to have to close this, as i can't reproduce it. Thanks.
CC
No feedback for a year. No solving.
No Action
KJL