do not stop on 0
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/d699add0 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/d699add0 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/d699add0 Branch: refs/heads/sandbox/resourcefinder Commit: d699add00e58133173ad36ae4f280b0529bb9f5e Parents: 4b962ce Author: Carl-Eric Menzel <cmen...@wicketbuch.de> Authored: Tue Jul 3 00:13:23 2012 +0200 Committer: Carl-Eric Menzel <cmen...@wicketbuch.de> Committed: Tue Jul 3 13:19:02 2012 +0200 ---------------------------------------------------------------------- .../org/apache/wicket/request/UrlDecoderTest.java | 42 --------------- .../apache/wicket/util/encoding/UrlEncoder.java | 31 ++++------- .../wicket/util/encoding/UrlDecoderTest.java | 42 +++++++++++++++ .../wicket/util/encoding/UrlEncoderTest.java | 12 ++++- 4 files changed, 64 insertions(+), 63 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java ---------------------------------------------------------------------- diff --git a/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java b/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java deleted file mode 100644 index 90d913f..0000000 --- a/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java +++ /dev/null 
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.wicket.request;
-
-import static org.junit.Assert.assertEquals;
-
-import org.junit.Test;
-
-public class UrlDecoderTest
-{
- @Test
- public void mustNotEmitNullByteForPath() throws Exception
- {
- String evil = "http://www.devil.com/highway/to%00hell";
- String decoded = UrlDecoder.PATH_INSTANCE.decode(evil, "UTF-8");
- assertEquals(-1, decoded.indexOf('\0'));
- assertEquals("http://www.devil.com/highway/toNULLhell", decoded);
- }
-
- @Test
- public void mustNotEmitNullByteForQuery() throws Exception
- {
- String evil = "http://www.devil.com/highway?destination=%00hell";
- String decoded = UrlDecoder.QUERY_INSTANCE.decode(evil, "UTF-8");
- assertEquals(-1, decoded.indexOf('\0'));
- assertEquals("http://www.devil.com/highway?destination=NULLhell", decoded);
- }
-}
http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java b/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java index 52044da..3f0e981 100644 --- a/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java +++ b/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java @@ -59,10 +59,6 @@ public class UrlEncoder // list of what not to decode protected BitSet dontNeedEncoding; - // E.g. "?" for FULL_PATH encoding when querystring has already been - // encoded. - private final char stopChar; - // used in decoding protected static final int caseDiff = ('a' - 'A'); @@ -72,7 +68,7 @@ public class UrlEncoder * * For example: http://org.acme/notthis/northis/oreventhis?buthis=isokay&asis=thispart */ - public static final UrlEncoder QUERY_INSTANCE = new UrlEncoder(Type.QUERY, '\0'); + public static final UrlEncoder QUERY_INSTANCE = new UrlEncoder(Type.QUERY); /** * Encoder used to encode components of a path.<br/> @@ -80,7 +76,7 @@ public class UrlEncoder * * For example: http://org.acme/foo/thispart/orthispart?butnot=thispart */ - public static final UrlEncoder PATH_INSTANCE = new UrlEncoder(Type.PATH, '\0'); + public static final UrlEncoder PATH_INSTANCE = new UrlEncoder(Type.PATH); /** * Encoder used to encode all path segments. Querystring will be excluded.<br/> 
@@ -88,20 +84,18 @@ public class UrlEncoder * * For example: http://org.acme/foo/thispart/orthispart?butnot=thispart */ - public static final UrlEncoder FULL_PATH_INSTANCE = new UrlEncoder(Type.FULL_PATH, '?'); + public static final UrlEncoder FULL_PATH_INSTANCE = new UrlEncoder(Type.FULL_PATH); + + private final Type type; /** * Allow subclass to call constructor. * * @param type * encoder type - * @param stopChar - * stop encoding when stopChar found */ - protected UrlEncoder(final Type type, final char stopChar) + protected UrlEncoder(final Type type) { - this.stopChar = stopChar; - /* * This note from java.net.URLEncoder ================================== * @@ -150,6 +144,7 @@ public class UrlEncoder * query =( pchar / "/" / "?" ) */ + this.type = type; // unreserved dontNeedEncoding = new BitSet(256); int i; @@ -191,7 +186,7 @@ public class UrlEncoder // encoding type-specific switch (type) { - // this code consistent with java.net.URLEncoder version + // this code consistent with java.net.URLEncoder version case QUERY : // encoding a space to a + is done in the encode() method dontNeedEncoding.set(' '); @@ -257,9 +252,9 @@ public class UrlEncoder * @return encoded string * @see java.net.URLEncoder#encode(String, String) */ - public String encode(final String s, final String charsetName) + public String encode(final String unsafeInput, final String charsetName) { - boolean needToChange = false; + final String s = unsafeInput.replace("\0", "NULL"); StringBuilder out = new StringBuilder(s.length()); Charset charset; CharArrayWriter charArrayWriter = new CharArrayWriter(); @@ -284,7 +279,7 @@ public class UrlEncoder { int c = s.charAt(i); - if ((stopEncoding == false) && (c == stopChar)) + if ((stopEncoding == false) && (c == '?' && type == Type.FULL_PATH)) { stopEncoding = true; } @@ -295,7 +290,6 @@ public class UrlEncoder if (c == ' ') { c = '+'; - needToChange = true; } // System.out.println("Storing: " + c); out.append((char)c); 
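Review bot: The new first line of `encode` (hunk `@@ -257,9 +252,9 @@`), `final String s = unsafeInput.replace("\0", "NULL");`, silently rewrites the caller's data, so an input containing a NUL character encodes to the same output as one containing the literal text `NULL`, and nothing in the visible Javadoc says so. I would state the substitution in the Javadoc, for example `@param unsafeInput string to encode; each NUL character is replaced by the literal text "NULL" before encoding`. The `@param` tags sit above the hunk, so the existing tag presumably still names `s` and needs the rename as well. Callers that must tell the two inputs apart would have to reject NUL themselves before calling.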
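Review bot: The stop condition in hunk `@@ -284,7 +279,7 @@` lost its explanation: the deleted `stopChar` field carried the comment about FULL_PATH and an already-encoded query string, and `(c == '?' && type == Type.FULL_PATH)` now has none. I would put the rationale back next to the test and simplify it: `// FULL_PATH: the query string is expected to be encoded already, so stop at '?'` followed by `if (!stopEncoding && type == Type.FULL_PATH && c == '?')`. What happens to the characters after `?` is outside the hunk; if they are copied through as-is, the Javadoc of `FULL_PATH_INSTANCE` should say that the query part is the caller's responsibility.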
@@ -361,10 +355,9 @@ public class UrlEncoder out.append(ch); } charArrayWriter.reset(); - needToChange = true; } } - return (needToChange ? out.toString() : s); + return out.toString(); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java ---------------------------------------------------------------------- diff --git a/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java new file mode 100644 index 0000000..6564fd6 --- /dev/null +++ b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java 
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.util.encoding;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class UrlDecoderTest
+{
+ @Test
+ public void mustNotEmitNullByteForPath() throws Exception
+ {
+ String evil = "http://www.devil.com/highway/to%00hell";
+ String decoded = UrlDecoder.PATH_INSTANCE.decode(evil, "UTF-8");
+ assertEquals(-1, decoded.indexOf('\0'));
+ assertEquals("http://www.devil.com/highway/toNULLhell", decoded);
+ }
+
+ @Test
+ public void mustNotEmitNullByteForQuery() throws Exception
+ {
+ String evil = "http://www.devil.com/highway?destination=%00hell";
+ String decoded = UrlDecoder.QUERY_INSTANCE.decode(evil, "UTF-8");
+ assertEquals(-1, decoded.indexOf('\0'));
+ assertEquals("http://www.devil.com/highway?destination=NULLhell", decoded);
+ }
+}
http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java index 6679a63..3691c74 100644 --- a/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java +++ b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java @@ -41,13 +41,21 @@ public class UrlEncoderTest extends Assert /** * Do not encode semicolon in the Url's path because it is used in ';jsessionid=...' - * + * * https://issues.apache.org/jira/browse/WICKET-4409 */ @Test public void dontEncodeSemicolon() { - String encoded = UrlEncoder.PATH_INSTANCE.encode("path;jsessionid=1234567890", CharEncoding.UTF_8); + String encoded = UrlEncoder.PATH_INSTANCE.encode("path;jsessionid=1234567890", + CharEncoding.UTF_8); assertEquals("path;jsessionid=1234567890", encoded); } + + @Test + public void dontStopOnNullByte() throws Exception + { + assertEquals("someone%27s%20badNULL%20url", + UrlEncoder.FULL_PATH_INSTANCE.encode("someone's bad\0 url", CharEncoding.UTF_8)); + } }
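Review bot: `dontStopOnNullByte` exercises only `FULL_PATH_INSTANCE`, but the instances this commit moves away from a `'\0'` stop character are `QUERY_INSTANCE` and `PATH_INSTANCE` (FULL_PATH stopped on `'?'`), so the behaviour named in the commit title is not pinned for the encoders that had it. I would add a NUL-absence assertion per instance, in the style of UrlDecoderTest, e.g. `assertEquals(-1, UrlEncoder.PATH_INSTANCE.encode("bad\0 url", CharEncoding.UTF_8).indexOf('\0'));` and the same for `QUERY_INSTANCE`. A FULL_PATH input with the NUL after a `?` would also cover the branch where encoding has already stopped. `throws Exception` on the new method looks unnecessary, since `dontEncodeSemicolon` above calls the same `encode` without it.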