ServletWebRequest.getRelativePathPrefixToContextRoot() double decodes servlet path
----------------------------------------------------------------------------------

                 Key: WICKET-1624
                 URL: https://issues.apache.org/jira/browse/WICKET-1624
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 1.4-M1, 1.3.3
         Environment: Tomcat 6.0.16 on Mac OS X.
            Reporter: Doug Donohoe
            Priority: Blocker
             Fix For: 1.4-M2


The following line in ServletWebRequest.getRelativePathPrefixToContextRoot()

    String servletPath = RequestUtils.decode(getServletPath());

causes problems with the relative path for CSS and images.  I believe it is because 
the servlet path is already URL decoded.  Running it again causes things that 
shouldn't be decoded to be decoded.  For example,

%2B gets URL decoded to a plus (+).  But, running it again causes any + to be 
decoded to a space.  This causes the endsWith() check to fail when it 
shouldn't.  Because that fails, more "../" get prepended than is correct.

I'll attach a quickstart which demonstrates the problem.

I think the fix is to remove the RequestUtils.decode() call above, but someone 
closer to the code might feel this breaks something.
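
The double decode described in this report, as an added example that is not part of the original report and is not Wicket code: `java.net.URLDecoder` stands in for `RequestUtils.decode()` and for the container's own single decode (both are assumptions), and the class name, the `check` helper and the sample paths are constructed for illustration. It goes slightly beyond the `%2B` case by also showing an encoded literal `%2B` and a literal percent sign, which the second decode rewrites or rejects.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public class DoubleDecodeDemo {

    // Stand-in for RequestUtils.decode() (assumption): form-style URL decoding,
    // which maps %XX to a byte and '+' to a space.
    static String decode(String s) throws UnsupportedEncodingException {
        return URLDecoder.decode(s, "UTF-8");
    }

    // Reports what a second decode does to a path the container already decoded,
    // and whether an endsWith() comparison against the request path still holds.
    static String check(String rawServletPath, String rawRelativePath)
            throws UnsupportedEncodingException {
        String servletPath = decode(rawServletPath);   // models the container's single decode
        String relativePath = decode(rawRelativePath); // same, for the request path
        String again;
        try {
            again = decode(servletPath);               // the extra decode from the report
        } catch (IllegalArgumentException e) {
            // A literal '%' left by the first decode is no longer a valid escape.
            return "[" + servletPath + "] -> second decode rejected: " + e.getMessage();
        }
        return "[" + servletPath + "] -> [" + again + "]"
                + " once.endsWith=" + servletPath.endsWith(relativePath)
                + " twice.endsWith=" + again.endsWith(relativePath);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample paths, as sent on the wire (still percent-encoded).
        String[][] samples = {
            {"/app/tags/c%2B%2B", "tags/c%2B%2B"}, // encoded plus signs
            {"/app/docs/a%252Bb", "docs/a%252Bb"}, // encoded literal "%2B" text
            {"/app/sale/100%25",  "sale/100%25"},  // encoded literal percent sign
            {"/app/plain/page",   "plain/page"},   // nothing to decode: unaffected
        };
        for (String[] s : samples) {
            System.out.println(check(s[0], s[1]));
        }
    }
}
```

Only paths whose once-decoded form still contains `+` or `%` are affected, which is why the problem shows up for some resource URLs and not others.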
