[
https://issues.apache.org/jira/browse/FELIX-5093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xavier Fournet updated FELIX-5093:
----------------------------------
Description:
The HttpServletRequest.getRequestURI must return the URI without processing %
escaping. Since version 3.1.0 this processing is done, so the returned value is
incorrect. For exemple this can lead to error in Apache Shiro when it try to
unescape % of an URI.
See the attached jar for a bundle that can be used to reproduce the problem:
* load the bundle
* with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test
With HTTP Jetty < 3.0.0 it prints:
{noformat}
Request URI: /requesturibug/test%2Ftest%25test
(org.apache.felix.http.base.internal.handler.ServletHandlerRequest)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.eclipse.jetty.server.Request)
{noformat}
=> request URI is ok
With HTTP Jetty 3.1.0 or 3.1.2 it prints:
{noformat}
Request URI: /requesturibug/test/test%test
(org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.eclipse.jetty.server.Request)
{noformat}
=> request URI is wrong while the underlying request URI returned by Jetty
itself is correct
was:
The HttpServletRequest.getRequestURI must return the URI without processing %
escaping. Since version 3.1.0 this processing is done, so the returned value is
incorrect. For exemple this can lead to error in Apache Shiro when it try to
unescape % of an URI.
See the attached jar for a bundle that can be used to reproduce the problem:
* load the bundle
* with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test
With HTTP Jetty < 3.0.0 it prints:
{noformat}
Request URI: /requesturibug/test%2Ftest%25test
(org.apache.felix.http.base.internal.handler.ServletHandlerRequest)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.eclipse.jetty.server.Request)
{noformat}
=> request URI is ok
With HTTP Jetty 3.0.0 or 3.0.2 it prints:
{noformat}
Request URI: /requesturibug/test/test%test
(org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper)
Wrapped URI: /requesturibug/test%2Ftest%25test
(org.eclipse.jetty.server.Request)
{noformat}
=> request URI is wrong while the underlying request URI returned by Jetty
itself is correct
> HttpServletRequest.getRequestURI is broken for escaped char in URL since 3.1.0
> ------------------------------------------------------------------------------
>
> Key: FELIX-5093
> URL: https://issues.apache.org/jira/browse/FELIX-5093
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-3.1.0, http.jetty-3.1.2
> Reporter: Xavier Fournet
> Priority: Blocker
>
> The HttpServletRequest.getRequestURI must return the URI without processing %
> escaping. Since version 3.1.0 this processing is done, so the returned value
> is incorrect. For exemple this can lead to error in Apache Shiro when it try
> to unescape % of an URI.
> See the attached jar for a bundle that can be used to reproduce the problem:
> * load the bundle
> * with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test
> With HTTP Jetty < 3.0.0 it prints:
> {noformat}
> Request URI: /requesturibug/test%2Ftest%25test
> (org.apache.felix.http.base.internal.handler.ServletHandlerRequest)
> Wrapped URI: /requesturibug/test%2Ftest%25test
> (org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper)
> Wrapped URI: /requesturibug/test%2Ftest%25test
> (org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest)
> Wrapped URI: /requesturibug/test%2Ftest%25test
> (org.eclipse.jetty.server.Request)
> {noformat}
> => request URI is ok
> With HTTP Jetty 3.1.0 or 3.1.2 it prints:
> {noformat}
> Request URI: /requesturibug/test/test%test
> (org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper)
> Wrapped URI: /requesturibug/test%2Ftest%25test
> (org.eclipse.jetty.server.Request)
> {noformat}
> => request URI is wrong while the underlying request URI returned by Jetty
> itself is correct
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
