Opened 8 months ago
Last modified 8 months ago
#13610 new Patch - Bug Fix
MythWeb: Fix url encoding of sort links in column titles
| Reported by: | Nigel Jewell | Owned by: | Stuart Auchterlonie |
|---|---|---|---|
| Priority: | minor | Milestone: | needs_triage |
| Component: | Plugin - MythWeb | Version: | v31-fixes |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
I've discovered a small bug in MythWeb fixes/31 that is also present in master and older branches.
If I perform the following navigation on MythWeb:
- Click "Searches" heading
- Click "Movies, 3½ Stars or more" link
- Click "Title" colummn heading
The results returned are no longer filtered by the canned search (Movies, 3½ Stars or more) and if a lot of programs are available in the results it could blow up with: Fatal error: Allowed memory size of <num> bytes exhausted.
The reason for the issue is that the canned search in the sort link is not encoded correctly. The application then fails to recognise the canned search in search.php and discards it; if (empty($Canned_Searches[$search_name])) ....
The page tv/searches has the following link:
<a href="tv/search/canned%3AMovies%2C%203%26frac12%3B%20Stars%20or%20more">
The page tv/search/canned%3AMovies%2C 3%26frac12%3B Stars or more has the following link:
<a href="tv/search/canned:Movies, 3½ Stars or more?sortby=title">
it should be:
<a href="tv/search/canned%3AMovies%2C%203%26frac12%3B%20Stars%20or%20more?sortby=title">
The root cause is the use of PATH_INFO when building the link in includes/sorting.php. PATH_INFO has been previously decoded and is not reencoded on output. An alternative way would be to use REQUEST_URI as that has not been decoded.
Tested patch that uses REQUEST_URI rather than PATH_INFO.