AbstractRequestTargetUrlCodingStrategy improper use of URLEncoder.encode
------------------------------------------------------------------------

                 Key: WICKET-1627
                 URL: https://issues.apache.org/jira/browse/WICKET-1627
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 1.4-M1, 1.3.3, 1.3.2, 1.3.1
         Environment: Tomcat or Jetty (probably others)
            Reporter: Doug Donohoe
             Fix For: 1.4-M2


The use of URLEncoder.encode is incorrect in this scenario.  The URLEncoder is 
meant for encoding query string values - not values that appear in the path 
portion of a URI.

Because the AbstractRequestTargetUrlCodingStrategy is used by other classes to 
encode values that appear in the path, problems can occur when that path has 
spaces.   For example, the parameter "message with spaces and+some+pluses" is 
encoded as follows in a URL:

http://localhost:8080/bugs/home/message/message+with+spaces+and%2Bsome%2Bpluses/

However, the resulting request.getServletPath() call returns this:

/home/message/message+with+spaces+and+some+plusses=bug/ 

Note that the + characters in the path are not turned back into spaces.  This 
is the correct behavior and is seen in both Tomcat and Jetty.

See the RFC (http://www.ietf.org/rfc/rfc2396.txt) for a full description of 
what should or should not be encoded.

        /**
         * Url encodes a string
         * 
         * @param string
         *            string to be encoded
         * @return encoded string
         */
        protected String urlEncode(String string)
        {
                try
                {
                        return URLEncoder.encode(string,
                                        Application.get().getRequestCycleSettings()
                                                        .getResponseRequestEncoding());
                }
                catch (UnsupportedEncodingException e)
                {
                        log.error(e.getMessage(), e);
                        return string;
                }

        }

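The mismatch described in the report, as an added example (not Wicket code and not part of the original message): it encodes the report's parameter once with URLEncoder and once as an RFC 2396 path segment, then decodes both the way a path is decoded. Assumptions: encodePathSegment and decodePath are hypothetical helpers, and java.net.URI.getPath() stands in for the container's path decoding, since it resolves %XX escapes and leaves '+' untouched.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class PathEncodingDemo {
    // RFC 2396 "unreserved" characters other than letters and digits.
    private static final String MARKS = "-_.!~*'()";

    /** Hypothetical helper: percent-encodes every byte outside RFC 2396 unreserved. */
    static String encodePathSegment(String segment) {
        StringBuilder out = new StringBuilder();
        for (byte b : segment.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xFF);
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9');
            if (alnum || MARKS.indexOf(c) >= 0) {
                out.append(c);
            } else {
                // Space becomes %20 and '+' becomes %2B, so neither is ambiguous in a path.
                out.append(String.format("%%%02X", b & 0xFF));
            }
        }
        return out.toString();
    }

    /** Assumed stand-in for the container: decodes %XX in a path, never maps '+' to space. */
    static String decodePath(String rawPath) {
        return URI.create(rawPath).getPath();
    }

    public static void main(String[] args) throws Exception {
        String param = "message with spaces and+some+pluses"; // value from the report

        // Form encoding: spaces become '+', literal '+' becomes %2B.
        String form = URLEncoder.encode(param, "UTF-8");
        // Path-segment encoding: spaces become %20.
        String path = encodePathSegment(param);

        String formRoundTrip = decodePath("/home/message/" + form + "/");
        String pathRoundTrip = decodePath("/home/message/" + path + "/");

        System.out.println("URLEncoder    : " + form);
        System.out.println("  decoded path: " + formRoundTrip);
        System.out.println("  value intact: " + formRoundTrip.contains(param));
        System.out.println("path encoding : " + path);
        System.out.println("  decoded path: " + pathRoundTrip);
        System.out.println("  value intact: " + pathRoundTrip.contains(param));
    }
}
```

After the URLEncoder round trip, original spaces and original pluses both arrive as '+', so the receiving code cannot tell them apart; any validation or lookup keyed on the parameter then sees a different value than the one that was encoded.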