Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-45101

URL validator update is causing some parameter replacement to fail

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 21.0, 22.0 [Tentative]
    • Fix Version/s: 22.0 [Tentative]
    • Component/s: Web Content
    • Labels:
      None
    • Test Plan:
      Hide

      Add a web content tool with a URL like 

      https://sakailms.org?siteId=${SITE_ID}&userId=${USER_ID}&userEid=${USER_EID}&userFirst=${USER_FIRST_NAME}

      It comes back with "Alert: Invalid URL". In past versions of Sakai this would work. If it fully works if you open the URL in a new window you should see the parameters replaced. I'm not sure how this will be fixed.

      (Edit the new parameters are the ones without braces so use these, the previous URL should give an error message. 

      https://sakailms.org?siteId=$SITE_ID&userId=$USER_ID&userEid=$USER_EID&userFirst=$USER_FIRST_NAME&userLast=$USER_LAST_NAME&userRole=$USER_ROLE&siteProp=$SITE_PROP:term
      

      Also the last parameter $SITE_PROP:term won't be replaced unless configured on the server. The property for this is below, I have tested this locally.

      iframe.allowed.macros=$USER_ID,$USER_EID,$USER_FIRST_NAME,$USER_LAST_NAME,$SITE_ID,$USER_ROLE,$SITE_PROP:term
      
      Show
      Add a web content tool with a URL like  https://sakailms.org?siteId=${SITE_ID}&userId=${USER_ID}&userEid=${USER_EID}&userFirst=${USER_FIRST_NAME} It comes back with "Alert: Invalid URL". In past versions of Sakai this would work. If it fully works if you open the URL in a new window you should see the parameters replaced. I'm not sure how this will be fixed. (Edit the new parameters are the ones without braces so use these, the previous URL should give an error message.  https://sakailms.org?siteId=$SITE_ID&userId=$USER_ID&userEid=$USER_EID&userFirst=$USER_FIRST_NAME&userLast=$USER_LAST_NAME&userRole=$USER_ROLE&siteProp=$SITE_PROP:term Also the last parameter $SITE_PROP:term won't be replaced unless configured on the server. The property for this is below, I have tested this locally. iframe.allowed.macros=$USER_ID,$USER_EID,$USER_FIRST_NAME,$USER_LAST_NAME,$SITE_ID,$USER_ROLE,$SITE_PROP:term

      Description

      After the update to commons validator on SAK-44089 to 1.7, a "feature" of web content to do parameter replacement is no longer working. (See test plan)

      I believe this is because of https://issues.apache.org/jira/browse/VALIDATOR-472 (UrlValidator should not be more lax than java.net.URI) and curly braces not being valid in URI's. 

      I don't know how popular this feature is, but I found an email thread about it from 10 years ago. One idea I have to fix this is to validate on the replaced values and still just persist the original string. It might be nice if it could also validate if the values, so it would have a different error message if a parameter is incorrect or cannot be replaced. (Still containing braces). It could also URLEncode the URL and maybe do a replacement using the encoded (%7B and %7D) strings. Not entirely sure how it's implemented. 

      Here's some more info on characters not allowed. I'm not sure if anything else would break with this change: https://meta.stackexchange.com/a/79060

      A better fix might be to just drop the braces? $USER_ID is basically the same as ${USER_ID} Though that might need a conversion of some kind for existing URL's? Or could have used a valid character like parenthesis.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  jonespm Matthew Jones
                  Reporter:
                  ktlibrarian12 Kristine Towne
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration