URL double encoding from the custom field value

RT version 4.0.5
Issue:

Custom field value gets URL double encoded for custom field that has link values to set up to Splunk ES incident review.
The ‘=’ changes to %3D and the ‘&’ becomes %26, from the custom field’s value. In the ticket display the value of the custom field displays ‘=’ and ‘&’ fine, but the link translates it to ‘%3D’ and ‘%26’

Need help in preventing the double encoding.

Thank you,
Kamber Dalal

RT version 4.0.5

Custom field value gets URL double encoded for custom field that has link values to set up to
Splunk ES incident review.

The =' changes to %3D and the&’ becomes %26, from the custom field’s value. In the ticket
display the value of the custom field displays =' and&’ fine, but the link translates it to
%3D' and%26’

This question really needs replication steps.

Create a custom field with these settings
Put this in Link value to
Create a ticket where the custom field has this specific value
visit Ticket/Display.html and click on the link and this will break
with X

Without it, I’m really guessing at what and where is double encoding.

-kevin

Kevin,

My Custom Field value is:

srch=abcd&earliest=klmtime&latest=xyztime

In the Custom Field definition link value to is set as:
http://myweb.domain.com/__CustomField__

The URL being generated is http://myweb.domain.com/srch%3Dabcd%26earliest%3Dklmtime%26latest%3Dxyztime

Instead of what should be:

http://myweb.domain.com/srch=abcd&earliest=klmtime&latest=xyztime

Thank you for the assistance.

Kamber DalalFrom: Dalal, Kamber Z
Sent: Thursday, February 13, 2014 13:33
To: ‘rt-users@lists.bestpractical.com’
Subject: URL double encoding from the custom field value

RT version 4.0.5
Issue:

Custom field value gets URL double encoded for custom field that has link values to set up to Splunk ES incident review.
The ‘=’ changes to %3D and the ‘&’ becomes %26, from the custom field’s value. In the ticket display the value of the custom field displays ‘=’ and ‘&’ fine, but the link translates it to ‘%3D’ and ‘%26’

Need help in preventing the double encoding.

Thank you,
Kamber Dalal

My Custom Field value is:

srch=abcd&earliest=klmtime&latest=xyztime

In the Custom Field definition link value to is set as:

http://myweb.domain.com/__CustomField__

The URL being generated is
http://myweb.domain.com/srch%3Dabcd%26earliest%3Dklmtime%26latest%3Dxyztime

Instead of what should be:

http://myweb.domain.com/srch=abcd&earliest=klmtime&latest=xyztime

Thanks - with better data I can now see what’s happening.

RT makes a number of checks on the Custom Field content to protect
your users. Since Custom Fields could contain data from a malicious
user, we try to detect and avoid javascript and data URIs and block
them, and we URI Escape all user inputted data before generating the
link.

The relevant method is in ObjectCustomFieldValue.pm called
_FillInTemplateURL and you can see that it has configuration:

CustomField => { value => sub { $_[0]->Content }, escape => 1 },

You would need to define an ObjectCustomFieldValue_Local.pm to redefine
that method and avoid escaping on that one CF value unfortunately.

-kevin