Item13302: CGI>=4.11 auto-escape breaks string encoding

foswiki · Mar 24, 2015 · 7969788 · 7969788
1 parent f6936bd
commit 7969788
Show file tree

Hide file tree

Showing 8 changed files with 86 additions and 33 deletions.
diff --git a/JQueryPlugin/lib/Foswiki/Form/Color.pm b/JQueryPlugin/lib/Foswiki/Form/Color.pm
@@ -34,11 +34,12 @@ sub renderForEdit {
     $value ||= '#000';
 
     my $field = CGI::textfield(
-        -class => $this->cssClasses('foswikiInputField jqFarbtastic'),
-        -name  => $this->{name},
-        -size  => 11,
-        -value => $value,
-        -id    => $this->{name},
+        -class    => $this->cssClasses('foswikiInputField jqFarbtastic'),
+        -name     => $this->{name},
+        -size     => 11,
+        -override => 1,
+        -value    => $value,
+        -id       => $this->{name},
     );
 
     return ( '', $field );

diff --git a/JQueryPlugin/lib/Foswiki/Form/Textboxlist.pm b/JQueryPlugin/lib/Foswiki/Form/Textboxlist.pm
@@ -51,13 +51,16 @@ sub renderForEdit {
         }
     }
 
+    $value = $this->decode($value) if $this->can("decode");
+
     my $field = CGI::textfield(
         -class =>
           $this->cssClasses("foswikiInputField jqTextboxList $metadata"),
-        -name  => $this->{name},
-        -size  => $this->{size},
-        -value => $value,
-        -id    => $this->{name},
+        -name     => $this->{name},
+        -size     => $this->{size},
+        -override => 1,
+        -value    => $value,
+        -id       => $this->{name},
     );
 
     return ( '', $field );

diff --git a/core/lib/Foswiki/Form/Checkbox.pm b/core/lib/Foswiki/Form/Checkbox.pm
@@ -125,11 +125,15 @@ sub renderForEdit {
         );
         $extra .= "</div>";
     }
+
     $value = '' unless defined($value) && length($value);
+
+    my @values = @{ $this->getOptions() };
     my %isSelected = map { $_ => 1 } split( /\s*,\s*/, $value );
     my %attrs;
     my @defaults;
-    foreach my $item ( @{ $this->getOptions() } ) {
+
+    foreach my $item (@values) {
 
         my $title = $item;
         $title = $this->{_descriptions}{$item}
@@ -152,16 +156,23 @@ sub renderForEdit {
             }
         }
     }
+
     my %params = (
         -name       => $this->{name},
-        -values     => $this->getOptions(),
-        -defaults   => \@defaults,
+        -override   => 1,
+        -values     => [ map { $this->decode($_) } @values ],
+        -defaults   => [ map { $this->decode($_) } @defaults ],
         -columns    => $this->{size},
         -attributes => \%attrs,
-        -override   => 1,
     );
     if ( defined $this->{valueMap} ) {
-        $params{-labels} = $this->{valueMap};
+        my %valueMap = ();
+        while ( my ( $key, $val ) = each %{ $this->{valueMap} } ) {
+            $key            = $this->decode($key);
+            $val            = $this->decode($val);
+            $valueMap{$key} = $val;
+        }
+        $params{-labels} = \%valueMap;
     }
     $value = CGI::checkbox_group(%params);
 

diff --git a/core/lib/Foswiki/Form/FieldDefinition.pm b/core/lib/Foswiki/Form/FieldDefinition.pm
@@ -18,6 +18,8 @@ package Foswiki::Form::FieldDefinition;
 use strict;
 use warnings;
 use Assert;
+use Encode ();
+use CGI    ();
 
 BEGIN {
     if ( $Foswiki::cfg{UseLocale} ) {
@@ -138,16 +140,36 @@ sub renderForEdit {
           . $this->{type}
           . '</span>',
         CGI::textfield(
-            -class => $this->cssClasses('foswikiAlert foswikiInputField'),
-            -name  => $this->{name},
-            -size  => 80,
-            -value => $value
+            -class    => $this->cssClasses('foswikiAlert foswikiInputField'),
+            -name     => $this->{name},
+            -size     => 80,
+            -override => 1,
+            -value    => $this->decode($value),
         )
     );
 }
 
 =begin TML
 
+---++ decode( $string ) -> $string
+
+Decode string from internal representation to the one defined in $Foswiki::cfg{Site}{CharSet}.
+This started becoming important with CGI >= 4.11 as byte strings are html escaped from there on.
+
+=cut
+
+sub decode {
+    my ( $this, $value ) = @_;
+
+    if ( $CGI::VERSION >= 4.11 ) {
+        $value = Encode::decode( $Foswiki::cfg{Site}{CharSet}, $value );
+    }
+
+    return $value;
+}
+
+=begin TML
+
 ---++ cssClasses(@classes) -> $classes
 Construct a list of the CSS classes for the form field. Adds additional
 class specifiers related to the attributes of the field e.g mandatory.

diff --git a/core/lib/Foswiki/Form/Label.pm b/core/lib/Foswiki/Form/Label.pm
@@ -25,11 +25,13 @@ sub renderForEdit {
     # even though it's not accessible for standard edits. Some contribs
     # may want to override this to make labels editable.
     my $renderedValue = $topicObject->expandMacros($value);
+
     return (
         '',
         CGI::hidden(
-            -name  => $this->{name},
-            -value => $value
+            -name     => $this->{name},
+            -override => 1,
+            -value    => $this->decode($value),
           )
           . CGI::div( { -class => 'foswikiFormLabel', }, $renderedValue )
     );

diff --git a/core/lib/Foswiki/Form/Radio.pm b/core/lib/Foswiki/Form/Radio.pm
@@ -41,6 +41,7 @@ sub getOptions {
     return $this->{_options} if $this->{_options};
 
     my $vals = $this->SUPER::getOptions(@_);
+
     if ( $this->{type} =~ m/\+values/ ) {
 
         # create a values map
@@ -82,12 +83,15 @@ sub getDisplayValue {
 sub renderForEdit {
     my ( $this, $topicObject, $value ) = @_;
 
+    my @values   = @{ $this->getOptions() };
     my $selected = '';
     my $session  = $this->{session};
     my %attrs;
-    foreach my $item ( @{ $this->getOptions() } ) {
+
+    foreach my $item (@values) {
         my $title = $item;
         $title = $this->{_descriptions}{$item} if $this->{_descriptions}{$item};
+
         $attrs{$item} = {
             class => $this->cssClasses('foswikiRadioButton'),
             title => $topicObject->expandMacros($title)
@@ -98,13 +102,21 @@ sub renderForEdit {
 
     my %params = (
         -name       => $this->{name},
-        -values     => $this->getOptions(),
-        -default    => $selected,
+        -override   => 1,
+        -values     => [ map { $this->decode($_) } @values ],
+        -default    => $this->decode($selected),
         -columns    => $this->{size},
         -attributes => \%attrs,
     );
+
     if ( defined $this->{valueMap} ) {
-        $params{-labels} = $this->{valueMap};
+        my %valueMap = ();
+        while ( my ( $key, $val ) = each %{ $this->{valueMap} } ) {
+            $key            = $this->decode($key);
+            $val            = $this->decode($val);
+            $valueMap{$key} = $val;
+        }
+        $params{-labels} = \%valueMap;
     }
 
     return ( '', CGI::radio_group(%params) );

diff --git a/core/lib/Foswiki/Form/Text.pm b/core/lib/Foswiki/Form/Text.pm
@@ -30,10 +30,11 @@ sub renderForEdit {
     return (
         '',
         CGI::textfield(
-            -class => $this->cssClasses('foswikiInputField'),
-            -name  => $this->{name},
-            -size  => $this->{size},
-            -value => $value
+            -class    => $this->cssClasses('foswikiInputField'),
+            -name     => $this->{name},
+            -size     => $this->{size},
+            -override => 1,
+            -value    => $this->decode($value),
         )
     );
 }

diff --git a/core/lib/Foswiki/Form/Textarea.pm b/core/lib/Foswiki/Form/Textarea.pm
@@ -51,11 +51,12 @@ sub renderForEdit {
     return (
         '',
         CGI::textarea(
-            -class   => $this->cssClasses('foswikiTextarea'),
-            -cols    => $this->{cols},
-            -rows    => $this->{rows},
-            -name    => $this->{name},
-            -default => "\n" . $value
+            -class    => $this->cssClasses('foswikiTextarea'),
+            -cols     => $this->{cols},
+            -rows     => $this->{rows},
+            -name     => $this->{name},
+            -override => 1,
+            -default  => "\n" . $this->decode($value),
         )
     );
 }