[
https://issues.apache.org/jira/browse/WICKET-1627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596509#action_12596509
]
Doug Donohoe commented on WICKET-1627:
--------------------------------------
I have code working to fix this. It is a bit involved - it took me all day to
figure it out and I had to dig into the RFC2396 as well as jetty/tomcat source.
I'll post the code shortly. I think there is another possible bug related to
this area which I'll also note shortly.
The problem boils down to the fact that you have to URL encode differently
based on whether it is a query string parameter (?foo=bar) or a path parameter
(/foo/bar/).
> AbstractRequestTargetUrlCodingStrategy improper user of URLEncoder.encode
> -------------------------------------------------------------------------
>
> Key: WICKET-1627
> URL: https://issues.apache.org/jira/browse/WICKET-1627
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.1, 1.3.2, 1.3.3, 1.4-M1
> Environment: Tomcat or Jetty (probably others)
> Reporter: Doug Donohoe
> Fix For: 1.4-M2
>
>
> The use of URLEncoder.encode is incorrect in this scenario. The URLEncoder
> is meant for encoding query string values - not values that appear in the
> path portion of a URI.
> Because the AbstractRequestTargetUrlCodingStrategy is used by other classes
> to encode values that appear in the path, problems can occur when that path
> has spaces. For example, the parameter "message with spaces
> and+some+pluses" is encoded as follows in a URL:
> http://localhost:8080/bugs/home/message/message+with+spaces+and%2Bsome%2Bpluses/
> However, the resulting request.getServletPath() call returns this:
> /home/message/message+with+spaces+and+some+plusses=bug/
> Note that the + in the path are not turned back into spaces. This is the
> correct behavior and is seen in both Tomcat and Jetty.
> See the RFC (http://www.ietf.org/rfc/rfc2396.txt) for a full description of
> what should or should not be encoded.
> /**
> * Url encodes a string
> *
> * @param string
> * string to be encoded
> * @return encoded string
> */
> protected String urlEncode(String string)
> {
> try
> {
> return URLEncoder.encode(string,
> Application.get().getRequestCycleSettings()
> .getResponseRequestEncoding());
> }
> catch (UnsupportedEncodingException e)
> {
> log.error(e.getMessage(), e);
> return string;
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
