oglueck 2004/09/30 10:26:41 Modified: httpclient/src/java/org/apache/commons/httpclient HttpsURL.java HttpURL.java httpclient/src/test/org/apache/commons/httpclient TestURI.java Log: Fixed escaping problem in userinfo: * Added test cases. * Changed the contract of all HttpURL and HttpsURL constructors accepting a userinfo field to expect the userinfo in URL escaped form. * Removed some code duplication. PR: 28728 Reviewed by: Michael Becke Revision Changes Path 1.11 +45 -30 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpsURL.java Index: HttpsURL.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpsURL.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- HttpsURL.java 14 May 2004 09:47:34 -0000 1.10 +++ HttpsURL.java 30 Sep 2004 17:26:41 -0000 1.11 @@ -120,7 +120,6 @@ */ public HttpsURL(String host, int port, String path) throws URIException { this(null, host, port, path, null, null); - checkValid(); } @@ -138,7 +137,6 @@ throws URIException { this(null, host, port, path, query, null); - checkValid(); } @@ -154,10 +152,7 @@ public HttpsURL(String user, String password, String host) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, -1, null, null, null); - checkValid(); + this(user, password, host, -1, null, null, null); } @@ -174,10 +169,7 @@ public HttpsURL(String user, String password, String host, int port) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, port, null, null, null); - checkValid(); + this(user, password, host, port, null, null, null); } @@ -195,10 +187,7 @@ public HttpsURL(String user, String password, String host, int port, String path) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, port, path, null, null); - checkValid(); + this(user, password, host, port, path, null, null); } @@ -217,10 +206,7 @@ public HttpsURL(String user, String password, String host, int port, String path, String query) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, port, path, query, null); - checkValid(); + this(user, password, host, port, path, query, null); } @@ -238,14 +224,17 @@ throws URIException { this(null, host, -1, path, query, fragment); - checkValid(); } /** * Construct a HTTPS URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param path the path string * @param query the query string @@ -257,14 +246,17 @@ String fragment) throws URIException { this(userinfo, host, -1, path, query, fragment); - checkValid(); } /** * Construct a HTTPS URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param port the port number * @param path the path string @@ -275,14 +267,17 @@ throws URIException { this(userinfo, host, port, path, null, null); - checkValid(); } /** * Construct a HTTPS URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param port the port number * @param path the path string @@ -294,14 +289,17 @@ String query) throws URIException { this(userinfo, host, port, path, query, null); - checkValid(); } /** * Construct a HTTPS URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param port the port number * @param path the path string @@ -320,7 +318,7 @@ buff.append(_default_scheme); buff.append("://"); if (userinfo != null) { - buff.append(URIUtil.encode(userinfo, URI.allowed_userinfo)); + buff.append(userinfo); buff.append('@'); } if (host != null) { @@ -350,6 +348,23 @@ checkValid(); } + /** + * Construct a HTTP URL from given components. + * + * @param user the user name + * @param password his or her password + * @param host the host string + * @param port the port number + * @param path the path string + * @param query the query string + * @param fragment the fragment string + * @throws URIException If [EMAIL PROTECTED] #checkValid()} fails + * @see #getDefaultProtocolCharset + */ + public HttpsURL(String user, String password, String host, int port, + String path, String query, String fragment) throws URIException { + this(HttpURL.toUserinfo(user, password), host, port, path, query, fragment); + } /** * Construct a HTTPS URL with a given relative HTTPS URL string. 1.18 +60 -33 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpURL.java Index: HttpURL.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpURL.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- HttpURL.java 2 May 2004 15:19:15 -0000 1.17 +++ HttpURL.java 30 Sep 2004 17:26:41 -0000 1.18 @@ -117,8 +117,7 @@ * @see #getDefaultProtocolCharset */ public HttpURL(String host, int port, String path) throws URIException { - this(null, host, port, path, null, null); - checkValid(); + this(null, null, host, port, path, null, null); } @@ -135,8 +134,7 @@ public HttpURL(String host, int port, String path, String query) throws URIException { - this(null, host, port, path, query, null); - checkValid(); + this(null, null, host, port, path, query, null); } @@ -152,10 +150,7 @@ public HttpURL(String user, String password, String host) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, -1, null, null, null); - checkValid(); + this(user, password, host, -1, null, null, null); } @@ -172,10 +167,7 @@ public HttpURL(String user, String password, String host, int port) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, port, null, null, null); - checkValid(); + this(user, password, host, port, null, null, null); } @@ -193,10 +185,7 @@ public HttpURL(String user, String password, String host, int port, String path) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, port, path, null, null); - checkValid(); + this(user, password, host, port, path, null, null); } @@ -215,10 +204,7 @@ public HttpURL(String user, String password, String host, int port, String path, String query) throws URIException { - this((user == null) ? null : user - + ((password == null) ? "" : ':' + password), - host, port, path, query, null); - checkValid(); + this(user, password, host, port, path, query, null); } @@ -235,15 +221,18 @@ public HttpURL(String host, String path, String query, String fragment) throws URIException { - this(null, host, -1, path, query, fragment); - checkValid(); + this(null, null, host, -1, path, query, fragment); } /** * Construct a HTTP URL from given components. + * + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. * - * @param userinfo the userinfo string + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param path the path string * @param query the query string @@ -255,14 +244,17 @@ String fragment) throws URIException { this(userinfo, host, -1, path, query, fragment); - checkValid(); } /** * Construct a HTTP URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param port the port number * @param path the path string @@ -273,14 +265,17 @@ throws URIException { this(userinfo, host, port, path, null, null); - checkValid(); } /** * Construct a HTTP URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param port the port number * @param path the path string @@ -292,14 +287,17 @@ String query) throws URIException { this(userinfo, host, port, path, query, null); - checkValid(); } /** * Construct a HTTP URL from given components. * - * @param userinfo the userinfo string + * Note: The <code>userinfo</code> format is normally + * <code><username>:<password></code> where + * username and password must both be URL escaped. + * + * @param userinfo the userinfo string whose parts are URL escaped * @param host the host string * @param port the port number * @param path the path string @@ -318,7 +316,7 @@ buff.append(_default_scheme); buff.append("://"); if (userinfo != null) { - buff.append(URIUtil.encode(userinfo, URI.allowed_userinfo)); + buff.append(userinfo); buff.append('@'); } if (host != null) { @@ -346,6 +344,35 @@ } parseUriReference(buff.toString(), true); checkValid(); + } + + + /** + * Construct a HTTP URL from given components. + * + * @param user the user name + * @param password his or her password + * @param host the host string + * @param port the port number + * @param path the path string + * @param query the query string + * @param fragment the fragment string + * @throws URIException If [EMAIL PROTECTED] #checkValid()} fails + * @see #getDefaultProtocolCharset + */ + public HttpURL(String user, String password, String host, int port, + String path, String query, String fragment) throws URIException { + this(toUserinfo(user, password), host, port, path, query, fragment); + } + + protected static String toUserinfo(String user, String password) throws URIException { + if (user == null) return null; + StringBuffer usrinfo = new StringBuffer(20); //sufficient for real world + usrinfo.append(URIUtil.encode(user, URI.allowed_within_userinfo)); + if (password == null) return usrinfo.toString(); + usrinfo.append(':'); + usrinfo.append(URIUtil.encode(password, URI.allowed_within_userinfo)); + return usrinfo.toString(); } 1.12 +19 -9 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestURI.java Index: TestURI.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestURI.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- TestURI.java 14 May 2004 09:47:34 -0000 1.11 +++ TestURI.java 30 Sep 2004 17:26:41 -0000 1.12 @@ -188,11 +188,16 @@ assertEquals("http://localhost/", url.toString()); assertEquals("user:[EMAIL PROTECTED]", url.getAuthority()); - url = new HttpURL("user", "pass#", "localhost", 8080, "/"); + url = new HttpURL("user#@", "pass#@", "localhost", 8080, "/"); assertEquals("http://localhost:8080/", url.toString()); - assertEquals("user:pass#", url.getUserinfo()); - assertEquals("user:pass%23", url.getEscapedUserinfo()); + assertEquals("user#@:pass#@", url.getUserinfo()); + assertEquals("user%23%40:pass%23%40", url.getEscapedUserinfo()); + url = new HttpURL("user%23%40:pass%23%40", "localhost", 8080, "/"); + assertEquals("http://localhost:8080/", url.toString()); + assertEquals("user#@:pass#@", url.getUserinfo()); + assertEquals("user%23%40:pass%23%40", url.getEscapedUserinfo()); + url = new HttpURL("localhost", 8080, "/"); assertEquals("http://localhost:8080/", url.toString()); url.setRawUserinfo("user".toCharArray(), "password".toCharArray()); @@ -207,10 +212,15 @@ assertEquals("https://localhost/", url.toString()); assertEquals("user:[EMAIL PROTECTED]", url.getAuthority()); - url = new HttpsURL("user", "pass#", "localhost", 8080, "/"); + url = new HttpsURL("user#@", "pass#@", "localhost", 8080, "/"); + assertEquals("https://localhost:8080/", url.toString()); + assertEquals("user#@:pass#@", url.getUserinfo()); + assertEquals("user%23%40:pass%23%40", url.getEscapedUserinfo()); + + url = new HttpsURL("user%23%40:pass%23%40", "localhost", 8080, "/"); assertEquals("https://localhost:8080/", url.toString()); - assertEquals("user:pass#", url.getUserinfo()); - assertEquals("user:pass%23", url.getEscapedUserinfo()); + assertEquals("user#@:pass#@", url.getUserinfo()); + assertEquals("user%23%40:pass%23%40", url.getEscapedUserinfo()); url = new HttpsURL("localhost", 8080, "/"); assertEquals("https://localhost:8080/", url.toString());
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]