
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/4b962cee
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/4b962cee
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/4b962cee

Branch: refs/heads/sandbox/resourcefinder
Commit: 4b962ceefa4a6c4d38039674e9e26251986f59fa
Parents: 40a0df5
Author: Carl-Eric Menzel <cmen...@wicketbuch.de>
Authored: Tue Jul 3 00:07:02 2012 +0200
Committer: Carl-Eric Menzel <cmen...@wicketbuch.de>
Committed: Tue Jul 3 13:18:59 2012 +0200

----------------------------------------------------------------------
 .../org/apache/wicket/request/UrlDecoderTest.java  |   42 +++++++++++++++
 .../apache/wicket/util/encoding/UrlDecoder.java    |    7 +--
 2 files changed, 45 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/4b962cee/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java
----------------------------------------------------------------------
diff --git 
a/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java 
b/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java
new file mode 100644
index 0000000..90d913f
--- /dev/null
+++ b/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.request;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class UrlDecoderTest
+{
+       @Test
+       public void mustNotEmitNullByteForPath() throws Exception
+       {
+               String evil = "http://www.devil.com/highway/to%00hell";;
+               String decoded = UrlDecoder.PATH_INSTANCE.decode(evil, "UTF-8");
+               assertEquals(-1, decoded.indexOf('\0'));
+               assertEquals("http://www.devil.com/highway/toNULLhell";, 
decoded);
+       }
+
+       @Test
+       public void mustNotEmitNullByteForQuery() throws Exception
+       {
+               String evil = 
"http://www.devil.com/highway?destination=%00hell";;
+               String decoded = UrlDecoder.QUERY_INSTANCE.decode(evil, 
"UTF-8");
+               assertEquals(-1, decoded.indexOf('\0'));
+               
assertEquals("http://www.devil.com/highway?destination=NULLhell";, decoded);
+       }
+}
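Review bot: The test lives in package `org.apache.wicket.request` and imports only JUnit, while the class this commit patches is `org.apache.wicket.util.encoding.UrlDecoder` (second file in the diff); unless a same-package `UrlDecoder` exists in wicket-request and delegates to the patched class, this test either does not compile or exercises a different decoder than the one changed. Adding `import org.apache.wicket.util.encoding.UrlDecoder;` (or placing the test in wicket-util next to the class) would tie it to the code it is meant to cover. Both methods also only cover a percent-encoded `%00` in the middle of the string; a case where U+0000 is already present raw in the input and one where `%00` is the final character would pin the end-of-string replacement the fix relies on. The doubled `;;` after the string literals looks like an artefact of the mail archive's link rendering rather than committed source, but is worth confirming against the tree.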

http://git-wip-us.apache.org/repos/asf/wicket/blob/4b962cee/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlDecoder.java
----------------------------------------------------------------------
diff --git 
a/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlDecoder.java 
b/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlDecoder.java
index 5f6d756..1bffa23 100644
--- a/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlDecoder.java
+++ b/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlDecoder.java
@@ -89,7 +89,6 @@ public class UrlDecoder
                        return null;
                }
 
-               boolean needToChange = false;
                int numChars = s.length();
                StringBuilder sb = new StringBuilder(numChars > 500 ? numChars 
/ 2 : numChars);
                int i = 0;
@@ -110,7 +109,6 @@ public class UrlDecoder
                                case '+' :
                                        sb.append(decodePlus ? ' ' : '+');
                                        i++;
-                                       needToChange = true;
                                        break;
 
                                case '%' :
@@ -163,7 +161,6 @@ public class UrlDecoder
                                                        "URLDecoder: Illegal 
hex characters in escape (%) pattern - " +
                                                                e.getMessage());
                                        }
-                                       needToChange = true;
                                        break;
 
                                default :
@@ -173,6 +170,8 @@ public class UrlDecoder
                        }
                }
 
-               return (needToChange ? sb.toString() : s);
+               // no trying to filter out bad escapes beforehand, just kill 
all null bytes here at the end,
+               // that way none will come through
+               return sb.toString().replace("\0", "NULL");
        }
 }
\ No newline at end of file
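Review bot: The new comment promises to "kill all null bytes", but the line below it substitutes the literal text `NULL` for each U+0000, so a malformed path such as `to%00hell` is silently rewritten to `toNULLhell` and handed to the caller as if it were the requested resource, with no signal that the input was bad. Either make the comment match the code — `// substitute the literal "NULL" for every decoded U+0000 so a null byte never reaches callers` — or, preferably, treat a decoded null like the illegal-hex case already handled above and throw `IllegalArgumentException`, and state whichever behaviour is chosen in decode's Javadoc so callers comparing or resolving paths know the value may differ from the input. Dropping `needToChange` additionally means decode now always returns a fresh String even when nothing was decoded; harmless, but a one-line Javadoc note would help anyone who relied on identity with the argument. The enclosing decode method begins before the first hunk of this file.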
