Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

AI OnAI Off

Friendly Url removing encoded amperstand from query string

Vote:
 
Hey guys I have a bit of a werid issue which I want to run by you. The basic problem is when I am passing information between pages using a query string to store values any text which contains an ampersand has the ampersand and any following text removed from the finial url. The information is always url encoded. For example the url before I do a response redirect is: ?autonomyName=appearance_measurement_motion_scale_time&conceptName=Motion%2c+Measurement%2c+Scale+%26+Time&searchTerms=made but on reaching the other page it is changed to: ?autonomyName=appearance_measurement_motion_scale_time&conceptName=Motion%2c%2520Measurement%2c%2520Scale%2520&searchTerms=made Notice the lack of "+%26+Time" from the url. Is this a known issue with episerver or has anyone got any ideas?
#17561
Sep 01, 2006 12:48
Steve Celius
Steve Celius
Vote:
 
What does the original url look like before you encode it?
#18403
Sep 01, 2006 14:06
Vote:
 
The url if it was not encoded would look something like this. However as I am encoding as the url is built up any information is always encoded before the Response.Redirect method is called. ?autonomyName=appearance_measurement_motion_scale_time&conceptName=Motion, Measurement, Scale & Time&searchTerms=made
#18404
Sep 01, 2006 16:54
Steve Celius
Steve Celius
Vote:
 
What type of encoding are you doing? I can reproduce the problem with Server.HtmlEncode and Server.UrlPathEncode, but it works ok with Server.UrlEncode. Insert the following somewhere in your default.aspx: | |
Server.HtmlEncode | Server.UrlEncode | Server.UrlPathEncode
<%= OutputQueryString() %> and play around with the links. Hopefully you can find the one that works best for you. /Steve
#18405
Sep 01, 2006 19:55
Vote:
 
I am using HttpUtility.UrlEncode to do my encoding which works fine when using a standard asp.net application but seems to fail within the episerver environment.
#18406
Sep 01, 2006 21:07
Steve Celius
Steve Celius
Vote:
 
The code above worked in my EPiServer environment. Have you tried to disable the friendly urls?
#18407
Sep 01, 2006 22:10
Linus Ekström
Linus Ekström
Vote:
 
Hello Michael! What version are you using? If I don't remember wrong there was a bug with this in 4.60 that was fixed in 4.61. If you are running on 4.60, try if a upgrade may solve your problem.
#18408
Sep 06, 2006 9:47
Håkan Alexander
Håkan Alexander
Vote:
 
There is a bug in 4.61 that removes the querystring on postbacks. Hopefully fixed in next hotfix. With some inheritance and own implementations it can be fixed on current versions. /HAXEN
#18409
Sep 07, 2006 14:52
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.