Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"greater than" or "less than" symbol are html encoded ("&gt","&lt") not url encoded ("%3e","%3c") when put into bulk request #9393

Closed
milexjaro opened this issue Dec 15, 2015 · 3 comments
Closed

"greater than" or "less than" symbol are html encoded ("&gt","&lt") not url encoded ("%3e","%3c") when put into bulk request #9393

milexjaro opened this issue Dec 15, 2015 · 3 comments
Assignees
@tsteur
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Milestone
2.16.0

Comments

@milexjaro
Copy link

I need some help, when I used a bulk API request, and adding some segmentation where ">" is "%3e" in url encoding, it transform to "&gt" thus it can't provide the correct response. Is there any solution or alternatives to solve this problem? Thanks in advance
@milexjaro milexjaro changed the title "greater than" or "less than" symbol are html encoded ("&gt","&lt") not url encoded ("%3e","%3c") when put to bulk request "greater than" or "less than" symbol are html encoded ("&gt","&lt") not url encoded ("%3e","%3c") when put into bulk request Dec 15, 2015
@tsteur
Copy link
Member

tsteur commented Dec 15, 2015

Do you maybe have a URL or command to reproduce this? Feel free to hide your domain and make sure there is no value for token_auth visible

@milexjaro
Copy link
Author

Hi @tsteur thanks for replying, sure, I used piwik domain to test, and here it is:

http://demo.piwik.org/?module=API&method=API.getBulkRequest&format=json&urls[0]=method%3dVisitsSummary.getVisits%26idSite%3d7%26period%3drange%26date%3d2015-11-30%2c2015-12-4%26segment%3dvisitDuration%3d%3d30%3bactions%3E%3d2%26format%3dJSON%26token_auth%3danonymous

I don't know why it's transformed into html encoding, thanks

@tsteur
Copy link
Member

tsteur commented Dec 16, 2015

I can confirm this is a bug. Problem is that it's handled correctly by API.getBulkRequest but when getBulkRequests performs each individual API request the Segment actions>=2 get's transformed to >=2 here: https://github.com/piwik/piwik/blob/2.15.1-b10/core/API/Request.php#L109 . Only a few lines above we take care of the segment special case here https://github.com/piwik/piwik/blob/2.15.1-b10/core/API/Request.php#L90-L92 when reading the original values but not when an individual request is executed via Request::processRequest.

To be exact it gets converted to > here: https://github.com/piwik/piwik/blob/master/core/UrlHelper.php#L198

Maybe we could unsanitizeValue($requestParsed['segment']) if a segment value is present here: https://github.com/piwik/piwik/blob/2.15.1-b10/core/API/Request.php#L110 ? but not sure re any downsides @mattab @diosmosis

@mattab mattab added the Bug For errors / faults / flaws / inconsistencies etc. label Dec 22, 2015
@mattab mattab added this to the 2.16.0 milestone Dec 22, 2015
@tsteur tsteur mentioned this issue Jan 11, 2016
Merged
@tsteur tsteur self-assigned this Jan 11, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tsteur tsteur

Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Milestone
2.16.0
Development

No branches or pull requests
3 participants
@tsteur @mattab @milexjaro