Stripes decodes already-decoded URI
-----------------------------------

                 Key: STS-899
                 URL: http://www.stripesframework.org/jira/browse/STS-899
             Project: Stripes
          Issue Type: Bug
          Components: ActionBean Dispatching
    Affects Versions: Release 1.5.7
         Environment: Tomcat 7.0.37 on Mac OS X
                      Tomcat 7.0.27 on Linux

            Reporter: Peter Štibraný


GET /zip/DownloadZip.action/Len%25ovo.zip HTTP/1.1
Host: localhost:8080
...

fails with the following exception:

java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "ov"
        at java.net.URLDecoder.decode(URLDecoder.java:173)
        at net.sourceforge.stripes.util.StringUtil.urlDecode(StringUtil.java:90)
        at net.sourceforge.stripes.util.HttpUtil.getRequestedPath(HttpUtil.java:59)
        at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:220)
        at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:418)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

for an action with @UrlBinding("/zip/DownloadZip.action/{archiveName}").

The problem is that HttpUtil.getRequestedPath uses StringUtil.urlDecode to decode 
servletPath + pathInfo, however both request.servletPath and request.pathInfo 
are already decoded by the Servlet Container, as mentioned in the documentation.

In our case, servletPath returns "/zip/DownloadZip.action/Len%ovo.zip" while 
pathInfo returns null. HttpUtil then tries to decode this string, which fails.

However it should not even try to do the decoding on its own.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
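
The double decode described in this report, as an added example that is not part of the original message or of the Stripes code base. `containerDecode`, `requestedPathDoubleDecoded` and `requestedPath` are hypothetical stand-ins for the container and for the path handling the report describes, and the second URI is a constructed sample showing that a second decode can also change a path silently instead of failing.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public class DoubleDecodeDemo {

    // Hypothetical stand-in for the servlet container, which decodes the raw
    // request URI once before exposing servletPath and pathInfo.
    // (Assumption: URLDecoder is close enough here because the samples contain no '+'.)
    static String containerDecode(String rawUri) throws UnsupportedEncodingException {
        return URLDecoder.decode(rawUri, "UTF-8");
    }

    // Behaviour the report describes: the already-decoded path is decoded again.
    static String requestedPathDoubleDecoded(String servletPath, String pathInfo)
            throws UnsupportedEncodingException {
        String path = servletPath + (pathInfo == null ? "" : pathInfo);
        return URLDecoder.decode(path, "UTF-8");
    }

    // What the report asks for: use the container-supplied values unchanged.
    static String requestedPath(String servletPath, String pathInfo) {
        return servletPath + (pathInfo == null ? "" : pathInfo);
    }

    public static void main(String[] args) throws Exception {
        String[] rawUris = {
            "/zip/DownloadZip.action/Len%25ovo.zip",   // request line from the report
            "/zip/DownloadZip.action/report%2541.zip"  // constructed sample
        };
        for (String raw : rawUris) {
            String servletPath = containerDecode(raw); // pathInfo is null, as in the report
            System.out.println("raw URI       : " + raw);
            System.out.println("servletPath   : " + servletPath);
            System.out.println("used as-is    : " + requestedPath(servletPath, null));
            try {
                // First URI: throws, because "%ov" is not a valid escape.
                // Second URI: "%41" is valid, so the name silently becomes "reportA.zip".
                System.out.println("decoded again : "
                        + requestedPathDoubleDecoded(servletPath, null));
            } catch (IllegalArgumentException e) {
                System.out.println("decoded again : " + e.getMessage());
            }
            System.out.println();
        }
    }
}
```

The silent case matters more than the exception: a check applied to the once-decoded path sees a different string from the one the framework then dispatches on.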
