Slash separated URL's cannot have URL parameters with value containing forward
slash '/'
----------------------------------------------------------------------------------------
Key: WICKET-1303
URL: https://issues.apache.org/jira/browse/WICKET-1303
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.3.0-final
Environment: Tomcat 6.0.14, Firefox 2.0.0.11, Windows XP SP2
Reporter: Mika Salminen
Priority: Minor
There seems to be an issue with URL parameters encoded into path in form
"/page/param1/val1" with handling parameter values with forward slash ('/').
The slash is correctly URL-encoded to entity '%2F' so that for example
parameter key/value pair 'foo' => 'b/a/r' is encoded into url like:
'/page/foo/b%2Fa%2Fr'. The problem is that Tomcat returns error or empty page
with this url.
I tested and researched a little bit and found out that this is Tomcat related
issue. In versions >= 6.0.10 Tomcat does not allow entities '%2F' and '%5C in
path by default so it responds with error (or empty page) when it encounters
one of them in URL's path part. More information can be found on
http://tomcat.apache.org/security-6.html, under header "Fixed in Apache Tomcat
6.0.10". I tried according to the document to turn system property
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH to true, to allow
encoded slashes in path, and got the request with '%2F' in path through.
I think that PageParameters in wicket should be easy to use, so that user does
not have to worry about the contents of the parameter, so something should be
done to this issue.
I managed to get around this issue by double encoding the parameter values with
URLEncoder. I encoded the PageParameter map parameter values with URLEncoder
and replaced all occurences of '%' in resulting text with '=' before passing it
forward. So only entity that is left to be encoded by the framework
(AbstractRequestTargetUrlCodingStrategy) is '=' which becomes "%3D" so "foo" =>
"b/a/r" becomes encoded in URL like: "/page/foo/b%3D2Fa%3D2Fr". Decoding of URL
is done by opposite operation sequence: framework decodes the parameter for me
to form b=2Fa=2Fr and after that I replace '=' with '%' and the replaced
string is further decoded with URLDecoder. Not very beautiful solution but
seems to work as a quick fix and leaves non-special characters unaffected. As a
little downside two extra characters are needed to encode every special
character.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
