In BaseX v11.6 an error occurs when passing a value via "%rest:form-param" in combination with a security function.
The example below consists of two RESTXQ functions "p:post" and "p:form". After submitting the form with a value for input "resource-id" the following error occurs in function "p:post":
Stopped at /usr/local/basex/webapp/ui/problem.xqm, 16/10:
[basex:restxq] Value of "resource-id" must be xs:string, supplied: ().
Example module problem.xqm:
module namespace p = 'problem';
declare
%perm:check('/p', '{$perm}')
function p:check(
$perm as map(*)
) as element(rest:response)? {
};
declare
%rest:path('/p/post')
%rest:POST
%rest:form-param("resource-id", "{$resource-id}")
%output:method('html')
%output:version('5.0')
function p:post(
$resource-id as xs:string
) {
<div>
<p>$resource-id={$resource-id}</p>
</div>
};
declare
%rest:path('/p/form')
%rest:GET
%output:method('html')
%output:version('5.0')
function p:form() {
<div>
<form method="post" action="/p/post">
<input type="text" name="resource-id" id="resource-id" required="required"/><br/>
<button type="submit">Ok</button>
</form>
</div>
};
The described behavior is caused by the security function "p:check".
- If you remove the security function "p:check" it works fine.
- If you replace `%rest:form-param` with `%rest:query-param` it also works fine, but that doesn't seem right to me.
Is this a bug or do I something wrong?