[
https://issues.apache.org/jira/browse/WICKET-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Frank Bille Jensen updated WICKET-1624:
---------------------------------------
Fix Version/s: (was: 1.4-M2)
1.4-M3
> ServletWebRequest.getRelativePathPrefixToContextRoot() double decodes servlet
> path
> ----------------------------------------------------------------------------------
>
> Key: WICKET-1624
> URL: https://issues.apache.org/jira/browse/WICKET-1624
> Project: Wicket
> Issue Type: Sub-task
> Components: wicket
> Affects Versions: 1.3.3, 1.4-M1
> Environment: Tomcat 6.0.16 on Mac OS X.
> Reporter: Doug Donohoe
> Assignee: Johan Compagner
> Priority: Blocker
> Fix For: 1.4-M3
>
> Attachments: bugs.jar
>
>
> The following line in ServletWebRequest.getRelativePathPrefixToContextRoot()
> String servletPath = RequestUtils.decode(getServletPath());
> causes problems with relative path for CSS and images. I believe it is
> because the servlet path is already URL decoded. Running it again causes
> things that shouldn't be decoded to be decoded. For example,
> %2B gets URL decoded to a plus (+). But, running it again causes any + to be
> decoded to a space. This causes the endsWith() check to fail when it
> shouldn't. Because that fails, more "../" get prepended than is correct.
> I'll attach a quickstart which demonstrates the problem.
> I think the fix is to remove the RequestUtils.decode() call above, but
> someone closer to the code might feel this breaks something.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
