[ https://issues.apache.org/jira/browse/OFBIZ-10275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Brohl closed OFBIZ-10275. --------------------------------- Resolution: Fixed Fix Version/s: Upcoming Branch 16.11.05 17.12.01 Thanks Martin, your patch is in trunk r1826592 release17.12 r1826594 release16.11 r1826595 > UtilCodec URL decoding breaks values with german umlauts > -------------------------------------------------------- > > Key: OFBIZ-10275 > URL: https://issues.apache.org/jira/browse/OFBIZ-10275 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Trunk > Reporter: Martin Becker > Assignee: Michael Brohl > Priority: Major > Fix For: 17.12.01, 16.11.05, Upcoming Branch > > Attachments: OFBIZ-10275_UrlCodec_decode_via_URLDecoder.patch > > > ...and other UTF-8 characters encoded in two hex. values like in this example: > {code:java} > String example = "/webcontent/example_öl.jpg"; > String encoded = UtilCodec.getEncoder("url").encode(example); > System.out.println(encoded); > => "%2Fwebcontent%2Fexample_%C3%B6l.jpg" > String decoded = UtilCodec.getDecoder("url").decode(encoded); > System.out.println(decoded); > => "/webcontent/example_öl.jpg"{code} > > The reason for this is the OWASP ESAPI PercentCodec implementation used > within the method UtilCodec.canonicalize, called before the proper decoding > via java.net.URLDecoder here: > {code:java} > public String decode(String original) { > try { > String canonical = canonicalize(original); > return URLDecoder.decode(canonical, "UTF-8"); > } catch (UnsupportedEncodingException ee) { > Debug.logError(ee, module); > return null; > } > }{code} > > The fix could be to only use the canonicalize logic to check the original > value for double/mixed encoding and to encode the original value afterwards > via URLDecoder instead of using the canonicalize output for this. > This way the UrlCodec decode method matches the encode method by only using > URLDecoder / URLEncoder for doing the main job. -- This message was sent by Atlassian JIRA (v7.6.3#76005)