From 909f82095f612502e31166da7cdf3fb83d4308e5 Mon Sep 17 00:00:00 2001
From: Angus McLeod <angus@mcleod.org.au>
Date: Sat, 19 Dec 2020 10:16:12 +1100
Subject: [PATCH] Encode each query param seperately using Addressable

---
 lib/custom_wizard/action.rb                  | 14 ++++--
 spec/components/custom_wizard/action_spec.rb | 52 +++++++++++++++-----
 spec/fixtures/actions/open_composer.json     | 14 ++++++
 3 files changed, 64 insertions(+), 16 deletions(-)
 create mode 100644 spec/fixtures/actions/open_composer.json

diff --git a/lib/custom_wizard/action.rb b/lib/custom_wizard/action.rb
index 50063759..68714bd4 100644
--- a/lib/custom_wizard/action.rb
+++ b/lib/custom_wizard/action.rb
@@ -269,8 +269,8 @@ class CustomWizard::Action
     params = basic_topic_params
                 
     if params[:title].present? && params[:raw].present?
-      url = "/new-topic?title=#{params[:title]}"
-      url += "&body=#{params[:raw]}"
+      url = "/new-topic?title=#{encode_query_param(params[:title])}"
+      url += "&body=#{encode_query_param(params[:raw])}"
             
       if category_id = action_category
         if category = Category.find_by(id: category_id)
@@ -282,10 +282,10 @@ class CustomWizard::Action
         url += "&tags=#{tags.join(',')}"
       end
       
-      route_to = Discourse.base_uri + UrlHelper.encode(url)
-      data['route_to'] = route_to
+      route_to = Discourse.base_uri + url
+      @result.output = data['route_to'] = route_to
       
-      log_info("route: #{route_to}")
+      log_success("route: #{route_to}")
     else
       log_error("invalid composer params", "title: #{params[:title]}; post: #{params[:raw]}")
     end    
@@ -691,6 +691,10 @@ class CustomWizard::Action
     user.user_avatar.save!
   end
   
+  def encode_query_param(param)
+    Addressable::URI.encode_component(param, Addressable::URI::CharacterClasses::UNRESERVED)
+  end
+  
   def log_success(message, detail = nil)
     @log.push("success: #{message} - #{detail}")
     @result.success = true
diff --git a/spec/components/custom_wizard/action_spec.rb b/spec/components/custom_wizard/action_spec.rb
index 1df5ca53..2e7aec24 100644
--- a/spec/components/custom_wizard/action_spec.rb
+++ b/spec/components/custom_wizard/action_spec.rb
@@ -5,6 +5,12 @@ describe CustomWizard::Action do
   fab!(:category) { Fabricate(:category, name: 'cat1', slug: 'cat-slug') }
   fab!(:group) { Fabricate(:group) }
   
+  let(:open_composer) {
+    JSON.parse(File.open(
+      "#{Rails.root}/plugins/discourse-custom-wizard/spec/fixtures/actions/open_composer.json"
+    ).read)
+  }
+  
   before do
     Group.refresh_automatic_group!(:trust_level_2)
     CustomWizard::Template.save(
@@ -99,18 +105,42 @@ describe CustomWizard::Action do
     expect(user.profile_background_upload.id).to eq(upload.id)
   end
   
-  it 'opens a composer' do
-    wizard = CustomWizard::Builder.new(@template[:id], user).build
-    wizard.create_updater(wizard.steps[0].id, step_1_field_1: "Text input").update
+  context "open composer" do
+    it 'works' do
+      wizard = CustomWizard::Builder.new(@template[:id], user).build
+      wizard.create_updater(wizard.steps[0].id, step_1_field_1: "Text input").update
+      
+      updater = wizard.create_updater(wizard.steps[1].id, {})
+      updater.update
+      
+      category = Category.find_by(id: wizard.current_submission['action_8'])
+      
+      expect(updater.result[:redirect_on_next]).to eq(
+        "/new-topic?title=Title%20of%20the%20composer%20topic&body=I%20am%20interpolating%20some%20user%20fields%20Angus%20angus%20angus%40email.com&category=#{category.slug}/#{category.id}&tags=tag1"
+      )
+    end
     
-    updater = wizard.create_updater(wizard.steps[1].id, {})
-    updater.update
-    
-    category = Category.find_by(id: wizard.current_submission['action_8'])
-    
-    expect(updater.result[:redirect_on_next]).to eq(
-      "/new-topic?title=Title%20of%20the%20composer%20topic&body=I%20am%20interpolating%20some%20user%20fields%20Angus%20angus%20angus@email.com&category=#{category.slug}/#{category.id}&tags=tag1"
-    )
+    it 'encodes special characters in the title and body' do
+      open_composer['title'][0]['output'] = "Title that's special $"
+      open_composer['post_template'] = "Body & more body & more body"
+      
+      wizard = CustomWizard::Wizard.new(@template, user)
+      
+      action = CustomWizard::Action.new(
+        wizard: wizard,
+        action: open_composer,
+        user: user,
+        data: {}
+      )
+      action.perform
+            
+      expect(action.result.success?).to eq(true)
+      
+      decoded_output = CGI.parse(URI.parse(action.result.output).query)
+      
+      expect(decoded_output['title'][0]).to eq("Title that's special $")
+      expect(decoded_output['body'][0]).to eq("Body & more body & more body")
+    end
   end
   
   it 'creates a category' do
diff --git a/spec/fixtures/actions/open_composer.json b/spec/fixtures/actions/open_composer.json
new file mode 100644
index 00000000..7eebf4ed
--- /dev/null
+++ b/spec/fixtures/actions/open_composer.json
@@ -0,0 +1,14 @@
+{
+  "id": "open_composer_action",
+  "type": "open_composer",
+  "title": [
+    {
+      "type": "assignment",
+      "output": "Title content",
+      "output_type": "text",
+      "output_connector": "set"
+    }
+  ],
+  "post_builder": true,
+  "post_template": "Post content"
+}
\ No newline at end of file