Developer forum

Forum » Ecommerce - Standard features » Apostrophe in Field Facet results in a 404 blank page

Apostrophe in Field Facet results in a 404 blank page

E-mail notifications
Jan Sundgaard Schultz
Reply
Posted on 21/09/2017 08:32:58

Hello,

I have created a facet which includes a field facet called "Leverandoer".

One of the values in the field facet is "Aqua D'or Mineral Water A/S", when this is URL encoded, the URL looks like so:

/Default.aspx?ID=2&Leverandoer=Aqua+D%27or+Mineral+Water+A%2FS

ID=2 is the page with the Ecom Catalog.

This URL results in a "404 not found".

Other values that does not contain %27 works like expected.

What is the solution to this, considering it is a field facet and i am not able to explicitly define a key _and_ a value.


Replies

 
Nicolai Pedersen
Posted on 21/09/2017 08:57:32
Reply

Hi Jan

I think it is because 'or looks like a SQL injection attack... So it gets stopped by that engine.

So - you have to configure Dynamicweb to leave that querystring parameter alone when checking for sql injection attacks. See dump #1

Capture.PNG
 
Jan Sundgaard Schultz
Posted on 21/09/2017 14:35:10
Reply

Hi Nicolai,

If i disable the SQL INJECTION CHECK, the page loads fine, so you're right.

I have tried inserting "Leverandoer" into the "Ignore the following fieds" as you said, this does not work. It actually appears as if Dynamicweb ignores any information entered into this field (See this image: https://imgur.com/a/nOoXK)

Just for the fun of it, i cleared the "Ignore the following fields" field, and tried attempted using "Body" (i.e. /webshop?Body=Aqua+D%27or+Mineral+Water+A%2FS) which works perfectly well! :)

Anyway, i guess there may be a bug or something since DW is ignoring the entered fields. (And "Body" always by default).

I'm using DW version 9.2.17

 
Nicolai Pedersen
Posted on 21/09/2017 14:41:25
Reply
This post has been marked as an answer

No hardcoded values. Try setting Leverandoer again, spell it correctly (missing an r) and check the config file that it is in there, iisreset and try again.

Votes for this answer: 1

 

You must be logged in to post in the forum