Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0051515
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Web POSmajoralways2023-01-31 12:462023-02-27 11:56
ReportergorkaionView Statuspublic 
Assigned Toranjith_qualiantech_com 
PriorityhighResolutionfixedFixed in VersionRR23Q2
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0051515: Wrong json encode on DS.Request when the json has a string value with the "/" character

DescriptionIn the customer instance the issue is reproduced when scanning a document number that has the "/" character. This scan is calling a backend custom service using OB.DS.Request:

new OB.DS.Request(customService).exec({param: "param/with/character}, callback, error)

These executes a GET call to backend the json with the parameters is encoded using encodeURI in ob-datasource.js [1] This is not scaping the / character so it is sent as it is in the request.

MobileService in backend manage this request. To get the parameters the service is executing a split of the url by "/" [2]. Since the original / is not encoded the split is wrong causing a failure initializing the JSONObject with the parameters. As a result the custom service is called with an empty JSONObject



[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/source/data/ob-datasource.js#L281 [^]
[2] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/src/org/openbravo/mobile/core/process/MobileService.java#L168 [^]
Steps To ReproduceUnknown how to execute in a clean POS. Any request to backend using OB.DS.Request().exec() with a parameter value containing the "/" should make it fail.

Livebuilds
Login POS
Open Console and run below code
var params = {};
params.sample = { a: 'X/X' };
params.bpartnerId = 'ABD91C9D3BC94175B876FBBE9CACA008';
params.bpLocationId = '2AA7EADDF7EC405899262DDA3E572436';
new OB.DS.Request('org.openbravo.retail.posterminal.master.LoadedCustomer').exec(params, async function(data) { console.log(data); });
Error will occur in request
Proposed SolutionIsntead of using encodeURI use encodeURIComponents to encode the json string.

https://thisthat.dev/encode-uri-vs-encode-uri-component/ [^]

And
ENCODED_SLASH should be updated in Apache and Tomcat
https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache [^]
https://stackoverflow.com/questions/39931538/how-to-set-allow-encoded-slash-in-tomcat-8 [^]
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0146280)
hgbot (developer)
2023-02-07 05:46

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/469 [^]
(0147030)
hgbot (developer)
2023-02-27 11:56

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/469 [^]
(0147031)
hgbot (developer)
2023-02-27 11:56

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 2c99a41586798d1fcb8d27cf82f56589ac05ae82
Author: Ranjith S R <ranjith@qualiantech.com>
Date: 27-02-2023 10:55:39
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/2c99a41586798d1fcb8d27cf82f56589ac05ae82 [^]

Fixed ISSUE-51515: Used encodeURIComponent to encode json string for GET request

---
M web/org.openbravo.mobile.core/source/data/ob-datasource.js
---

- Issue History
Date Modified Username Field Change
2023-01-31 12:46 gorkaion New Issue
2023-01-31 12:46 gorkaion Assigned To => Retail
2023-01-31 12:46 gorkaion Triggers an Emergency Pack => No
2023-02-02 12:36 ranjith_qualiantech_com Assigned To Retail => ranjith_qualiantech_com
2023-02-03 10:23 ranjith_qualiantech_com Status new => scheduled
2023-02-06 07:49 ranjith_qualiantech_com Steps to Reproduce Updated View Revisions
2023-02-06 07:49 ranjith_qualiantech_com Proposed Solution updated
2023-02-07 05:46 hgbot Note Added: 0146280
2023-02-27 11:56 hgbot Resolution open => fixed
2023-02-27 11:56 hgbot Status scheduled => closed
2023-02-27 11:56 hgbot Note Added: 0147030
2023-02-27 11:56 hgbot Fixed in Version => RR23Q2
2023-02-27 11:56 hgbot Note Added: 0147031


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker