[jira] [Commented] (SLING-13144) PostServlet with space in :redirect

Tue, 24 Mar 2026 01:05:06 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-13144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18067941#comment-18067941
 ] 

Dirk Tschentscher commented on SLING-13144:
-------------------------------------------

thx to first responder:

 
{quote}having a quick look at the implementation [1] it looks for me that the 
sling post servlet should encode the URI before passing it into the URI class. 
the URI class is only used as a validation, it's result is not used for 
anything.
the URL itself is encoded later in [2] before doing the redirect.
but the code fails already on [1] wrongly assuming the passed in URL is always 
safe to parse without encoding. if it is not but handed in encoded, it's 
encoded twice.

so it definitely looks like a bug for me - there are also unit tests missing 
for redirect URLs that need escaping.

can you create a SLING bug ticket for this? (and optionally come up with a PR?)

stefan

[1] 
[https://github.com/apache/sling-org-apache-sling-servlets-post/blob/271cd07466fc3c82dbbc9500c16af28a3ed9b9d1/src/main/java/org/apache/sling/servlets/post/impl/SlingPostServlet.java#L446-L449]
[2] 
[https://github.com/apache/sling-org-apache-sling-servlets-post/blob/271cd07466fc3c82dbbc9500c16af28a3ed9b9d1/src/main/java/org/apache/sling/servlets/post/impl/SlingPostServlet.java#L341-L364]
{quote}

> PostServlet with space in :redirect
> -----------------------------------
>
>                 Key: SLING-13144
>                 URL: https://issues.apache.org/jira/browse/SLING-13144
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>            Reporter: Dirk Tschentscher
>            Priority: Minor
>
> I update data via PostSevlet and replace the markup fragment with the 
> changes.  
> Therefore I send ':redirect=/content/new.html' with the post.  
>   
> However, I have content paths with spaces, legacy reasons...  
>  
> Either I have a '  ' in there ->
> {{URISyntaxException: Illegal character in path at index ... 
> SlingPostServlet.getRedirectUrl(SlingPostServlet.java:449) 
> [org.apache.sling.servlets.post:3.0.0]}}
>  
> Or I encode it as %20, but then I'm getting %20 encoded again as %2520 in 
> location header:
>  
> {code:java}
> curl -i -Ftitle="my redirect" -F:redirect="/content/new/my%20space.json" 
> http://admin:admin@localhost:8080/new/content/my%20space
>   {code}
> Location: http://localhost:8080/new/my%2520space.json
>  
> {{--> "Error 400 Ambiguous URI path encoding"}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to