wallabag icon indicating copy to clipboard operation
wallabag copied to clipboard
verified publisher icon wallabag

fix: inappropriate handling of escaped query arguments

Open Oppen opened this issue 1 year ago • 1 comments

The list(s) endpoints receive a JSON encoded list of URLs as a query param. Because it's a query param, it's escaped, so the json_decode method can't decode it without first calling urldecode. Also, the POST versions were accessing the elments as if they were the strings, rather than objects of the shape {'url':'<url>'}.

Q A
Bug fix? yes
New feature? yes/no
BC breaks? yes/no
Deprecations? yes/no
Tests pass? yes/no
Documentation yes/no
Translation yes/no
CHANGELOG.md yes/no
License MIT

Fixes #6928 Tested locally on my instance. I hope the CI will catch any pieces lost in translation :)

Oppen avatar Sep 27 '24 21:09 Oppen

I've checked it locally and in fact, it's just the OpenAPI example which is wrong. It's not [{'url': 'http://...'}, {'url': 'http://...'}] but it must be ['http://...', 'http://...'] instead.

The array must be an array of urls. Try it on your side with the proper array and you'll see it'll works as expected.

All in all, you spotted a problem in the API document. Can you convert bad array to the proper one? Thanks

j0k3r avatar Feb 07 '25 19:02 j0k3r

@Oppen @j0k3r do we agree that this, "as is", should be closed, and a PR fixing the API documentation should replace it?

yguedidi avatar Aug 17 '25 16:08 yguedidi

@yguedidi yep!

j0k3r avatar Aug 21 '25 08:08 j0k3r