N°8148 - CAS problem when sending a link ending in & (#722)

N°8148 - CAS problem when sending a link ending in &
2026-02-12 23:14:18 +01:00 · 2025-06-30 14:19:33 +02:00
parent 8cece0f0fd
commit 062d543b26
15 changed files with 88 additions and 57 deletions
--- a/application/applicationcontext.class.inc.php
+++ b/application/applicationcontext.class.inc.php
@@ -195,16 +195,31 @@ class ApplicationContext
 	/**
 	 * Returns the context as string with the format name1=value1&name2=value2....
 	 * @return string The context as a string to be appended to an href property
+	 *
 	 */
-	public function GetForLink()
+	public function GetForLink(bool $bWithLeadingAmpersand = false)
 	{
+		// If there are no parameters, return an empty string
+		if(empty($this->aValues)){
+			return '';
+		}
+
+		// Build the query string with ampersand separated parameters
 		$aParams = array();
 		foreach($this->aValues as $sName => $sValue)
 		{
 			$aParams[] = "c[$sName]".'='.urlencode($sValue);
 		}
-		return implode("&", $aParams);
+		$sReturnValue = implode('&', $aParams);
+
+		// add the leading ampersand if requested
+		if($bWithLeadingAmpersand){
+			$sReturnValue = '&' . $sReturnValue;
+		}
+
+		return $sReturnValue;
 	}
+
 	/**
 	 * @since 3.0.0 N°2534 - dashboard: bug with autorefresh that deactivates filtering on organisation
 	 * Returns the params as c[menu]:..., c[org_id]:....
@@ -382,7 +397,7 @@ class ApplicationContext
 		$sUrl = call_user_func(array($sUrlMakerClass, 'MakeObjectUrl'), $sObjClass, $sObjKey);
 	   if (utils::StrLen($sUrl) > 0) {
 		   if ($bWithNavigationContext) {
-			   return $sUrl."&".$oAppContext->GetForLink();
+			   return $sUrl.$oAppContext->GetForLink(true);
 		   } else {
 			   return $sUrl;
 		   }
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -311,7 +311,7 @@ abstract class cmdbAbstractObject extends CMDBObject implements iDisplay
 		{
 			$sParams .= $sName.'='.urlencode($value).'&'; // Always add a trailing &
 		}
-		$sUrl = utils::GetAbsoluteUrlAppRoot().'pages/'.$oObj->GetUIPage().'?'.$sParams.'class='.get_class($oObj).'&id='.$oObj->getKey().'&'.$oAppContext->GetForLink().'&a=1';
+		$sUrl = utils::GetAbsoluteUrlAppRoot().'pages/'.$oObj->GetUIPage().'?'.$sParams.'class='.get_class($oObj).'&id='.$oObj->getKey().$oAppContext->GetForLink(true).'&a=1';
 		$oPage->add_early_script(<<<JS
 	if (!sessionStorage.getItem('$sSessionStorageKey'))
 	{
@@ -3072,7 +3072,7 @@ JS
 		$oPage->add($oAppContext->GetForForm());

 		// Hook the cancel button via jQuery so that it can be unhooked easily as well if needed
-		$sDefaultUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search_form&class='.$sClass.'&'.$oAppContext->GetForLink();
+		$sDefaultUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search_form&class='.$sClass.$oAppContext->GetForLink(true);

 		$sCancelButtonOnClickScript = "let fOnClick{$this->m_iFormId}CancelButton = ";
 		if(isset($aExtraParams['js_handlers']['cancel_button_on_click'])){
--- a/application/dashlet.class.inc.php
+++ b/application/dashlet.class.inc.php
@@ -2138,7 +2138,7 @@ class DashletHeaderDynamic extends Dashlet
 		$oSet = new DBObjectSet($oFilter);
 		$iCount = $oSet->Count();
 		$oAppContext = new ApplicationContext();
-		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search&'.$oAppContext->GetForLink().'&filter='.rawurlencode($oFilter->serialize());
+		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search'.$oAppContext->GetForLink(true).'&filter='.rawurlencode($oFilter->serialize());
 		$oSubTitle->AddHtml('<a class="summary" href="'.$sHyperlink.'">'.Dict::Format(str_replace('_', ':', $sSubtitle), $iCount).'</a>');

 		return $oPanel;
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -1124,7 +1124,7 @@ JS
 						$oSingleGroupByValueFilter->SetShowObsoleteData($this->m_bShowObsoleteData);
 					}
 					$sHyperlink = utils::GetAbsoluteUrlAppRoot()
-						.'pages/UI.php?operation=search&'.$oAppContext->GetForLink()
+						.'pages/UI.php?operation=search'.$oAppContext->GetForLink(true)
 						.'&filter='.rawurlencode($oSingleGroupByValueFilter->serialize());
 					$aCounts[$sStateValue] = ['link' => $sHyperlink, 'label' => $aCounts[$sStateValue]];
 				}
@@ -1232,7 +1232,7 @@ JS
 		$iCount = $this->m_oSet->Count();
 		$sClassLabel = MetaModel::GetName($sClass);
 		$sClassIconUrl = MetaModel::GetClassIcon($sClass, false);
-		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search&'.$oAppContext->GetForLink().'&filter='.rawurlencode($this->m_oFilter->serialize());
+		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search'.$oAppContext->GetForLink(true).'&filter='.rawurlencode($this->m_oFilter->serialize());

 		$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
 		$aRefreshParams = [
@@ -1241,7 +1241,7 @@ JS
 		];

 		if (UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY)) {
-			$sCreateActionUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=new&class='.$sClass.'&'.$oAppContext->GetForLink();
+			$sCreateActionUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=new&class='.$sClass.$oAppContext->GetForLink(true);
 			$sCreateActionLabel = Dict::Format('UI:Button:Create');
 			$oBlock = DashletFactory::MakeForDashletBadge($sClassIconUrl, $sHyperlink, $iCount, $sClassLabel, $sCreateActionUrl,
 				$sCreateActionLabel, $aRefreshParams);
@@ -1289,7 +1289,7 @@ JS

 			$aData = array();
 			$oAppContext = new ApplicationContext();
-			$sParams = $oAppContext->GetForLink();
+			$sParams = $oAppContext->GetForLink(true);
 			foreach ($aGroupBy as $iRow => $iCount) {
 				// Build the search for this subset
 				$oSubsetSearch = $this->m_oFilter->DeepClone();
@@ -1304,7 +1304,7 @@ JS

 				$aData[] = array(
 					'group' => $aLabels[$iRow],
-					'value' => "<a href=\"".utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&dosearch=1&$sParams&filter=$sFilter\">$iCount</a>"
+					'value' => "<a href=\"".utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&dosearch=1$sParams&filter=$sFilter\">$iCount</a>"
 				); // TO DO: add the context information
 			}
 			$aAttribs = array(
@@ -1636,7 +1636,7 @@ JS
 		$sGroupByExpr = isset($aExtraParams['group_by_expr']) ? '&params[group_by_expr]='.$aExtraParams['group_by_expr'] : '';
 		$sFilter = $this->m_oFilter->serialize(false, $aQueryParams);
 		$oContext = new ApplicationContext();
-		$sContextParam = $oContext->GetForLink();
+		$sContextParam = $oContext->GetForLink(true);
 		$sAggregationFunction = isset($aExtraParams['aggregation_function']) ? $aExtraParams['aggregation_function'] : '';
 		$sAggregationAttr = isset($aExtraParams['aggregation_attribute']) ? $aExtraParams['aggregation_attribute'] : '';
 		$sLimit = isset($aExtraParams['limit']) ? $aExtraParams['limit'] : '';
@@ -1644,7 +1644,7 @@ JS
 		$sOrderDirection = isset($aExtraParams['order_direction']) ? $aExtraParams['order_direction'] : '';

 		if (isset($aExtraParams['group_by_label'])) {
-			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$sGroupBy{$sGroupByExpr}&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$sChartId{$iChartCounter}&params[order_direction]=$sOrderDirection&params[order_by]=$sOrderBy&params[limit]=$sLimit&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sChartId{$iChartCounter}&filter=".rawurlencode($sFilter).'&'.$sContextParam;
+			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$sGroupBy{$sGroupByExpr}&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$sChartId{$iChartCounter}&params[order_direction]=$sOrderDirection&params[order_by]=$sOrderBy&params[limit]=$sLimit&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sChartId{$iChartCounter}&filter=".rawurlencode($sFilter).$sContextParam;
 		} else {
 			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$sGroupBy{$sGroupByExpr}&params[chart_type]=$sChartType&params[currentId]=$sChartId{$iChartCounter}&params[order_direction]=$sOrderDirection&params[order_by]=$sOrderBy&params[limit]=$sLimit&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sChartId{$iChartCounter}&filter=".rawurlencode($sFilter).'&'.$sContextParam;
 		}
@@ -1681,11 +1681,14 @@ JS
 		$oBlock = null;
 		$sJSURLs = '';

+		$oContext = new ApplicationContext();
+		$sContextParam = $oContext->GetForLink(true);
+
 		if (isset($aExtraParams['group_by'])) {
 			$this->MakeGroupByQuery($aExtraParams, $oGroupByExp, $sGroupByLabel, $aGroupBy, $sAggregationFunction, $sFctVar, $sAggregationAttr, $sSql);
 			$aRes = CMDBSource::QueryToArray($sSql);
-			$oContext = new ApplicationContext();
-			$sContextParam = $oContext->GetForLink();
+
+

 			$iTotalCount = 0;
 			$aURLs = array();
@@ -1705,14 +1708,14 @@ JS
 				$oSubsetSearch = $this->m_oFilter->DeepClone();
 				$oCondition = new BinaryExpression($oGroupByExp, '=', new ScalarExpression($sValue));
 				$oSubsetSearch->AddConditionExpression($oCondition);
-				$aURLs[] = utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&format=html&filter=".rawurlencode($oSubsetSearch->serialize()).'&'.$sContextParam;
+				$aURLs[] = utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&format=html&filter=".rawurlencode($oSubsetSearch->serialize()).$sContextParam;
 			}
 			$sJSURLs = json_encode($aURLs);
 		}
 		if (isset($aExtraParams['group_by_label'])) {
-			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).'&'.$sContextParam;
+			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).$sContextParam;
 		} else {
-			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).'&'.$sContextParam;
+			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).$sContextParam;
 		}

 		switch ($sChartType) {
@@ -1785,7 +1788,7 @@ JS

 		$oBlock->sCsvFile = strtolower($this->m_oFilter->GetClass()).'.csv';
 		$oBlock->sDownloadLink = utils::GetAbsoluteUrlAppRoot().'webservices/export.php?expression='.urlencode($this->m_oFilter->ToOQL(true)).'&format=csv&filename='.urlencode($oBlock->sCsvFile);
-		$oBlock->sLinkToToggle = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search&'.$oAppContext->GetForLink().'&filter='.rawurlencode($this->m_oFilter->serialize()).'&format=csv';
+		$oBlock->sLinkToToggle = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search'.$oAppContext->GetForLink(true).'&filter='.rawurlencode($this->m_oFilter->serialize()).'&format=csv';
 		// Pass the parameters via POST, since expression may be very long
 		$aParamsToPost = array(
 			'expression' => $this->m_oFilter->ToOQL(true),
@@ -1885,10 +1888,7 @@ class MenuBlock extends DisplayBlock
 			&& (!isset($aExtraParams['menu']) || $aExtraParams['menu'] === "1" || $aExtraParams['menu'] === true)
 		) {
 			$oAppContext = new ApplicationContext();
-			$sContext = $oAppContext->GetForLink();
-			if (utils::IsNotNullOrEmptyString($sContext)) {
-				$sContext = '&'.$sContext;
-			}
+			$sContext = $oAppContext->GetForLink(true);


 			$sFilter = $this->GetFilter()->serialize();
@@ -2578,11 +2578,8 @@ class MenuBlock extends DisplayBlock
 		$sUrl = "{$sRootUrl}pages/{$sUIPage}?{$sUrlParams}";

 		$oAppContext = new ApplicationContext();
-		$sContext = $oAppContext->GetForLink();
-		if (utils::IsNotNullOrEmptyString($sContext)) {
-			$sUrl .= '&'.$sContext;
-		}
+		$sContext = $oAppContext->GetForLink(true);

-		return $sUrl;
+		return $sUrl . $sContext;
 	}
 }
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -1516,12 +1516,12 @@ class utils
 			case iPopupMenuExtension::MENU_OBJLIST_TOOLKIT:
 				/** @var \DBObjectSet $param */
 				$oAppContext = new ApplicationContext();
-				$sContext = $oAppContext->GetForLink();
+				$sContext = $oAppContext->GetForLink(true);
 				$sDataTableId = is_null($sDataTableId) ? '' : $sDataTableId;
 				$sUIPage = cmdbAbstractObject::ComputeStandardUIPage($param->GetFilter()->GetClass());
 				$sOQL = addslashes($param->GetFilter()->ToOQL(true));
 				$sFilter = urlencode($param->GetFilter()->serialize());
-				$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter."&{$sContext}";
+				$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter.$sContext;
 				$oContainerBlock->AddJsFileRelPath('js/tabularfieldsselector.js');
 				$oContainerBlock->AddJsFileRelPath('js/jquery.dragtable.js');
 				$oContainerBlock->AddCssFileRelPath('css/dragtable.css');
@@ -1696,8 +1696,8 @@ class utils
 		$oAppContext = new ApplicationContext();

 		$sUrl = $sAppRootUrl
-			.'pages/UI.php?operation=search&'
-			.$oAppContext->GetForLink()
+			.'pages/UI.php?operation=search'
+			.$oAppContext->GetForLink(true)
 			.'&filter='.rawurlencode($oDataTableSearchFilter->serialize());
 		$sUrl .= '&aParams='.rawurlencode($sParams); // Not working... yet, cause not handled by UI.php