Can't search for certain strings due to extraneous URLDecode()

Description

contentbox-ui/handlers/page.cfc has an unnecessary call to URLDecode in the search action:

ColdFusion already decodes form and URL variables so there is no need to manually decode them. Furthermore, this actually breaks the search functionality if a user is trying to search for a string that happens to contain a URL encoded entity. For example, if a page contains the text "%26" and you try to search your site for the string "%26", you can't because the search handler will incorrectly turn the "%26" into "&" and search for an ampersand instead.

The two lines of code above need to simply be removed from the search action. If there was some related functionality that was dependent on the decoding, it is probably incorrect.

Activity

Show:
Brad Wood
May 28, 2013, 8:38 PM
Fixed

Assignee

Luis Majano

Reporter

Brad Wood

Labels

None

Components

Fix versions

Priority

Major
Configure