This is an automated email from the ASF dual-hosted git repository. reta pushed a commit to branch 3.4.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 83c20fb20beaa8706981c07b746f057ef468750a Author: Andriy Redko <[email protected]> AuthorDate: Sun Sep 18 14:36:00 2022 -0400 CXF-8698: Content-ID of attachments for outgoing requests are URL-decoded instead of URL-encoded (limiting decoding only to % encoded characters) (#993) (cherry picked from commit c430bbb87042d4cb6db947820e73be0347a1e203) (cherry picked from commit 98797ffa3ed4a2648e462a8cc5dceb84624903ba) --- .../java/org/apache/cxf/attachment/AttachmentSerializer.java | 10 ++++++++-- .../org/apache/cxf/attachment/AttachmentSerializerTest.java | 5 +++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java b/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java index 033d33d083..decb2526d1 100644 --- a/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java +++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java @@ -26,6 +26,7 @@ import java.io.StringWriter; import java.io.Writer; import java.net.URLDecoder; import java.net.URLEncoder; +import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.util.Collections; import java.util.Iterator; @@ -225,8 +226,8 @@ public class AttachmentSerializer { // remaining parts with an angle bracket pair, "<" and ">". // if (attachmentId.startsWith("cid:")) { - writer.write(URLDecoder.decode(attachmentId.substring(4), - StandardCharsets.UTF_8.name())); + writer.write(decode(attachmentId.substring(4), + StandardCharsets.UTF_8)); } else { // // RFC-2392 (https://datatracker.ietf.org/doc/html/rfc2392) says: @@ -371,4 +372,9 @@ public class AttachmentSerializer { this.xop = xop; } + // URL decoder would also decode '+' but according to RFC-2392 we need to convert + // only the % encoded character to their equivalent US-ASCII characters. + private static String decode(String s, Charset charset) { + return URLDecoder.decode(s.replaceAll("([^%])[+]", "$1%2B"), charset); + } } diff --git a/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java b/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java index 2c6c1cd249..9d7bcd228c 100644 --- a/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java +++ b/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java @@ -187,6 +187,11 @@ public class AttachmentSerializerTest { public void testMessageMTOMUrlDecoded() throws Exception { doTestMessageMTOM("test+me.xml", "<test%2Bme.xml>"); } + + @Test + public void testMessageMTOMUrlDecodedCid() throws Exception { + doTestMessageMTOM("cid:test+me.xml", "<test+me.xml>"); + } private void doTestMessageMTOM(String contentId, String expectedContentId) throws Exception { MessageImpl msg = new MessageImpl();
