Defect #40237: Error in autocomplete (`ActionController::BadRequest (Invalid query parameters: invalid %-encoding (%)`) - Redmine

Actions

Copy link

Defect #40237

closed

Error in autocomplete (`ActionController::BadRequest (Invalid query parameters: invalid %-encoding (%)`)

Added by Abe Tomoaki 9 months ago. Updated 9 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Marius BĂLTEANU

Category:

Target version:

5.0.8

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Fixed

Affected version:

Description

If you type a character after `@` in issues, etc., it will auto-complete.
If the character contains `%`, an error is output to the server log.

The following patch seems to fix it.

--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -1167,7 +1167,7 @@ function inlineAutoComplete(element) {
             if (event.target.type === 'text' && $(element).attr('autocomplete') != 'off') {
               $(element).attr('autocomplete', 'off');
             }
-            remoteSearch(getDataSource('issues') + text, function (issues) {
+            remoteSearch(getDataSource('issues') + encodeURIComponent(text), function (issues) {
               return cb(issues);
             });
           },
@@ -1189,7 +1189,7 @@ function inlineAutoComplete(element) {
         {
           trigger: '[[',
           values: function (text, cb) {
-            remoteSearch(getDataSource('wiki_pages') + text, function (wikiPages) {
+            remoteSearch(getDataSource('wiki_pages') + encodeURIComponent(text), function (wikiPages) {
               return cb(wikiPages);
             });
           },
@@ -1211,7 +1211,7 @@ function inlineAutoComplete(element) {
           values: function (text, cb) {
             const url = getDataSource('users');
             if (url) {
-              remoteSearch(url + text, function (users) {
+              remoteSearch(url + encodeURIComponent(text), function (users) {
                 return cb(users);
               });
             }

https://github.com/redmine/redmine/blob/e8c373e5596b38e3b9434cfb0730bfb08b7d8c6d/app/assets/javascripts/application.js#L1162-L1231

Error Examples

input: `@a%`
log: `ActionController::BadRequest (Invalid query parameters: invalid -encoding (a)):`

input: `#%`
log: `ActionController::BadRequest (Invalid query parameters: invalid -encoding ()):`

environment

$ git rev-parse --short HEAD
e8c373e55

$ RAILS_ENV=development bin/about

Environment:
  Redmine version                5.1.1.devel
  Ruby version                   3.1.4-p223 (2023-03-30) [x86_64-linux]
  Rails version                  7.1.3
  Environment                    development
  Database adapter               SQLite
  Mailer queue                   ActiveJob::QueueAdapters::AsyncAdapter
  Mailer delivery                smtp
Redmine settings:
  Redmine theme                  Default
SCM:
  Subversion                     1.14.2
  Mercurial                      6.3.2
  Git                            2.39.2
  Filesystem
Redmine plugins:
  no plugin installed