fix(admin): keep the filter query intact in console pager and export links

The paginated users and messages lists interpolate the pre-encoded filter query (url.Values.Encode) after the "?" in their pager and CSV-export links. There html/template treats it as a single query value and percent-encodes the structural "=" and "&" again, so "kind=robots" rendered as "kind%3drobots" and the multi-pair message filter collapsed -- every page step dropped the active filter. Type FilterQuery as template.URL so the already-escaped fragment is emitted verbatim (the attribute-level "&" -> "&" stays correct, the browser decodes it back). It is safe because url.Values.Encode output is strictly percent-encoded. games/complaints use status={{.Status}} -- a single value in proper query-value context -- and were never affected.
2026-06-12 11:38:26 +02:00
parent 641ac88b2d
commit eeb078d528
3 changed files with 63 additions and 6 deletions
@@ -2,6 +2,7 @@ package adminconsole
 import (
 	"bytes"
 	"html/template"
 	"io/fs"
 	"strings"
 	"testing"
@@ -55,6 +56,56 @@ func TestRendererRendersEveryPage(t *testing.T) {
 	}
 }
 // TestPagerLinksPreserveFilterQuery guards the paginated lists whose links carry a
 // pre-encoded filter query (url.Values.Encode) past the page number. The query fragment
 // must reach the link verbatim: the contextual escaper would otherwise re-encode its
 // structural "=" and "&" (turning "kind=robots" into the broken "kind%3drobots"), dropping
 // the active filter on every page step. FilterQuery is typed template.URL to prevent that.
 func TestPagerLinksPreserveFilterQuery(t *testing.T) {
 	r := MustNewRenderer()
 	t.Run("users", func(t *testing.T) {
 		var buf bytes.Buffer
 		view := UsersView{Robots: true, FilterQuery: template.URL("kind=robots"), Pager: NewPager(2, 50, 200)}
 		if err := r.Render(&buf, "users", PageData{Title: "Users", Data: view}); err != nil {
 			t.Fatalf("render users: %v", err)
 		}
 		out := buf.String()
 		for _, want := range []string{
 			`href="/_gm/users?kind=robots&amp;page=1"`,
 			`href="/_gm/users?kind=robots&amp;page=3"`,
 		} {
 			if !strings.Contains(out, want) {
 				t.Errorf("users pager: missing %q in:\n%s", want, out)
 			}
 		}
 		if strings.Contains(out, "kind%3drobots") {
 			t.Error("users pager: filter query was double-encoded (kind%3drobots)")
 		}
 	})
 	t.Run("messages", func(t *testing.T) {
 		var buf bytes.Buffer
 		view := MessagesView{FilterQuery: template.URL("game=abc&user=def"), Pager: NewPager(2, 50, 200)}
 		if err := r.Render(&buf, "messages", PageData{Title: "Messages", Data: view}); err != nil {
 			t.Fatalf("render messages: %v", err)
 		}
 		out := buf.String()
 		for _, want := range []string{
 			`href="/_gm/messages.csv?game=abc&amp;user=def"`,
 			`href="/_gm/messages?game=abc&amp;user=def&amp;page=1"`,
 			`href="/_gm/messages?game=abc&amp;user=def&amp;page=3"`,
 		} {
 			if !strings.Contains(out, want) {
 				t.Errorf("messages pager: missing %q in:\n%s", want, out)
 			}
 		}
 		if strings.Contains(out, "%3d") || strings.Contains(out, "%26") {
 			t.Error("messages pager: filter query was double-encoded (%3d / %26)")
 		}
 	})
 }
 // TestRendererUnknownPage reports an error for a page that does not exist.
 func TestRendererUnknownPage(t *testing.T) {
 	r := MustNewRenderer()
@@ -51,11 +51,14 @@ type UsersView struct {
 	Items []UserRow
 	Pager Pager
 	// Robots is the active people/robots toggle; NameMask/ExternalIDMask are the current
-	// glob filters; FilterQuery is those encoded for pager/toggle links.
+	// glob filters; FilterQuery is those URL-encoded for the pager links. It is an
 	// already-escaped query fragment (url.Values.Encode), so it is typed template.URL to
 	// be emitted verbatim — interpolated as a plain string it would have its "=" and "&"
 	// percent-encoded again by the contextual escaper.
 	Robots         bool
 	NameMask       string
 	ExternalIDMask string
-	FilterQuery    string
+	FilterQuery    template.URL
 }
 // UserRow is one account row in the list. MoveMin/Avg/Max are the account's
@@ -77,7 +80,9 @@ type UserRow struct {
 // MessagesView is the paginated chat-message moderation list. NameMask/ExtMask are the
 // current sender glob filters; GameID/UserID pin the list to one game / sender (set from a
-// game or user card); FilterQuery is the active filters encoded for the pager links.
+// game or user card); FilterQuery is the active filters URL-encoded for the pager and CSV
 // links — an already-escaped query fragment, hence template.URL so it is not re-encoded
 // inside the link (see UsersView.FilterQuery).
 type MessagesView struct {
 	Items       []MessageRow
 	Pager       Pager
@@ -85,7 +90,7 @@ type MessagesView struct {
 	ExtMask     string
 	GameID      string
 	UserID      string
-	FilterQuery string
+	FilterQuery template.URL
 }
 // MessageRow is one chat message in the moderation list: its sender (linked to the user
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/csv"
 	"fmt"
 	"html/template"
 	"net/http"
 	"net/url"
 	"path/filepath"
@@ -108,7 +109,7 @@ func (s *Server) consoleUsers(c *gin.Context) {
 	view := adminconsole.UsersView{
 		Pager:  adminconsole.NewPager(page, adminPageSize, total),
 		Robots: filter.Robots, NameMask: filter.NameMask, ExternalIDMask: filter.ExternalIDMask,
-		FilterQuery: q.Encode(),
+		FilterQuery: template.URL(q.Encode()),
 	}
 	ids := make([]uuid.UUID, 0, len(items))
 	for _, it := range items {
@@ -174,7 +175,7 @@ func (s *Server) consoleMessages(c *gin.Context) {
 		Pager:       adminconsole.NewPager(page, adminPageSize, total),
 		NameMask:    filter.NameMask,
 		ExtMask:     filter.ExtMask,
-		FilterQuery: q.Encode(),
+		FilterQuery: template.URL(q.Encode()),
 	}
 	if filter.GameID != uuid.Nil {
 		view.GameID = filter.GameID.String()