RT version 4.0.5
Issue:
Custom field value gets URL double encoded for custom field that has link values to set up to Splunk ES incident review.
The ‘=’ changes to %3D and the ‘&’ becomes %26, from the custom field’s value. In the ticket display the value of the custom field displays ‘=’ and ‘&’ fine, but the link translates it to ‘%3D’ and ‘%26’
Need help in preventing the double encoding.
Thank you,
Kamber Dalal
RT version 4.0.5
Custom field value gets URL double encoded for custom field that has link values to set up to
Splunk ES incident review.The
=' changes to %3D and the&’ becomes %26, from the custom field’s value. In the ticket
display the value of the custom field displays=' and&’ fine, but the link translates it to
%3D' and%26’
This question really needs replication steps.
Create a custom field with these settings
Put this in Link value to
Create a ticket where the custom field has this specific value
visit Ticket/Display.html and click on the link and this will break
with X
Without it, I’m really guessing at what and where is double encoding.
-kevin
Kevin,
My Custom Field value is:
srch=abcd&earliest=klmtime&latest=xyztime
In the Custom Field definition link value to is set as:
http://myweb.domain.com/__CustomField__
The URL being generated is http://myweb.domain.com/srch%3Dabcd%26earliest%3Dklmtime%26latest%3Dxyztime
Instead of what should be:
http://myweb.domain.com/srch=abcd&earliest=klmtime&latest=xyztime
Thank you for the assistance.
Kamber DalalFrom: Dalal, Kamber Z
Sent: Thursday, February 13, 2014 13:33
To: ‘rt-users@lists.bestpractical.com’
Subject: URL double encoding from the custom field value
RT version 4.0.5
Issue:
Custom field value gets URL double encoded for custom field that has link values to set up to Splunk ES incident review.
The ‘=’ changes to %3D and the ‘&’ becomes %26, from the custom field’s value. In the ticket display the value of the custom field displays ‘=’ and ‘&’ fine, but the link translates it to ‘%3D’ and ‘%26’
Need help in preventing the double encoding.
Thank you,
Kamber Dalal
My Custom Field value is:
srch=abcd&earliest=klmtime&latest=xyztime
In the Custom Field definition link value to is set as:
http://myweb.domain.com/__CustomField__
The URL being generated is
http://myweb.domain.com/srch%3Dabcd%26earliest%3Dklmtime%26latest%3DxyztimeInstead of what should be:
http://myweb.domain.com/srch=abcd&earliest=klmtime&latest=xyztime
Thanks - with better data I can now see what’s happening.
RT makes a number of checks on the Custom Field content to protect
your users. Since Custom Fields could contain data from a malicious
user, we try to detect and avoid javascript and data URIs and block
them, and we URI Escape all user inputted data before generating the
link.
The relevant method is in ObjectCustomFieldValue.pm called
_FillInTemplateURL and you can see that it has configuration:
CustomField => { value => sub { $_[0]->Content }, escape => 1 },
You would need to define an ObjectCustomFieldValue_Local.pm to redefine
that method and avoid escaping on that one CF value unfortunately.
-kevin