@robocoder opened this Issue on March 14th 2011 Contributor

setDocumentTitle() expects an un-encoded string because piwik.js uses encodeURIComponent to encode parameters in the request.

@robocoder commented on March 15th 2011 Contributor

Attachment:
2185.patch

@robocoder commented on March 14th 2011 Contributor

(In [4080]) fixes #2185

@mattab commented on March 14th 2011 Member

The sanitizeInputValue is called for all input values, generally very often, and I think charset detection is pretty slow...

Is the piwik.js fix not enough to get the page titles right?

@robocoder commented on March 14th 2011 Contributor

I'll rework it.

@robocoder commented on March 15th 2011 Contributor

(In [4087]) refs #2185 - revert r4080

  • for performance, move html_entity_decode out of sanitizeInputValue() since it's only used when we getRequestVar('action_name')
  • add unit tests

@robocoder commented on March 15th 2011 Contributor

(In [4092]) refs #2185 - sanitizeInputValue() returned '' if input wasn't valid UTF-8

@robocoder commented on March 15th 2011 Contributor

Re-think:

  • re r4087, moved html_entity_decode out of sanitizeInputValue(). Matt wonders if we should also use html_entity_decode for custom variables and referer.
  • re forum post, passing an already encoded URL results in double encoding.
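
The double encoding discussed in this thread (setDocumentTitle() expecting an un-encoded string, and the forum report of an already encoded value), as an added example that is not part of the issue or Piwik's code. `buildParam`, `serverDecode` and `secondDecode` are hypothetical stand-ins, and the titles are constructed samples.

```javascript
// Added illustration, not Piwik source. buildParam() and serverDecode() are
// hypothetical stand-ins for the tracker's encodeURIComponent step and the
// single URL-decode a server applies to the query string.
function buildParam(name, value) {
  // The tracker encodes every parameter itself, so callers pass raw text.
  return name + '=' + encodeURIComponent(value);
}

function serverDecode(query) {
  return decodeURIComponent(query.slice(query.indexOf('=') + 1));
}

function roundTrip(title) {
  return serverDecode(buildParam('action_name', title));
}

// A second decode pass, the obvious way to "repair" double encoding.
// Returns null when the input is not valid percent-encoding.
function secondDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch (e) {
    return null;
  }
}

// Constructed sample titles.
const raw = 'Prix & tarifs: café';
const preUrlEncoded = encodeURIComponent(raw);           // caller already URL-encoded
const preHtmlEncoded = 'Prix &amp; tarifs: caf&eacute;'; // caller already HTML-escaped
const literalPercent = 'Decoding %20 in URLs';           // raw title that looks encoded
const barePercent = '100% off';                          // raw title, invalid as encoding

function report() {
  return {
    raw: roundTrip(raw),                                // arrives unchanged
    preUrlEncoded: roundTrip(preUrlEncoded),            // arrives still percent-encoded
    preHtmlEncoded: roundTrip(preHtmlEncoded),          // arrives with literal entities
    repaired: secondDecode(roundTrip(preUrlEncoded)),   // second pass recovers the title
    damaged: secondDecode(roundTrip(literalPercent)),   // legitimate title is altered
    rejected: secondDecode(roundTrip(barePercent)),     // legitimate title fails to decode
  };
}

console.log(report());
```

The last two results show why a receiver cannot tell a pre-encoded value from raw text that merely contains `%` sequences.
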
@robocoder commented on March 15th 2011 Contributor

The attached patch moves html_entity_decode() back to sanitizeInputValue(), and tries to detect/fix double encoding.

I'll come back to this problem after I've thought more about what the implications are.

@mattab commented on March 15th 2011 Member

Do we need to handle this use case though? It has never been a problem so far, and I really don't want to complicate the sanitize function because it is heavily used, and security related. It must stay simple and fast. So I vote for updating the doc and clarifying that we don't accept encoded values, and leaving the sanitize as is on trunk (with your new test in the function).

@robocoder commented on March 16th 2011 Contributor

(In [4096]) fixes #2185

This Issue was closed on March 16th 2011