[
https://issues.apache.org/jira/browse/WICKET-5463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sven Meier resolved WICKET-5463.
--------------------------------
Resolution: Fixed
Fix Version/s: 7.0.0
6.14.0
Assignee: Sven Meier
exception is now catched
> RequestUtil.getCharset(HttpServletRequest request) Resilience against
> unsupported Charsets in Request
> -----------------------------------------------------------------------------------------------------
>
> Key: WICKET-5463
> URL: https://issues.apache.org/jira/browse/WICKET-5463
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 6.11.0
> Environment: Tomcat 6.0.37
> Reporter: uwe.schaefer
> Assignee: Sven Meier
> Priority: Minor
> Fix For: 6.14.0, 7.0.0
>
>
> RequestUtil.getCharset(HttpServletRequest request) should not throw
> java.nio.charset.UnsupportedCharsetException but default to
> getDefaultCharset() or throw an Exception that leads
> ---- long version:
> crawling our logs, we found the above exception as a result of a weird
> request that set the following headers on a GET request:
> Content-Type: text/html; charset=auto
> I don't know which UserAgent sent that, but it happened and brought the
> following exception on tomcat 6.0.37:
> {code}
> java.nio.charset.UnsupportedCharsetException: auto
> at java.nio.charset.Charset.forName(Charset.java:543)
> at
> org.apache.wicket.protocol.http.RequestUtils.getCharset(RequestUtils.java:195)
> at
> org.apache.wicket.protocol.http.servlet.ServletWebRequest.getCharset(ServletWebRequest.java:476)
> at
> org.apache.wicket.protocol.http.servlet.ServletWebRequest.getContextRelativeUrl(ServletWebRequest.java:209)
> at
> org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:113)
> at
> org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:83)
> at
> org.apache.wicket.protocol.http.WebApplication.newWebRequest(WebApplication.java:448)
> at
> org.apache.wicket.protocol.http.WebApplication.createWebRequest(WebApplication.java:493)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:196)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> {code}
> even though we are not aware of the semantics of the above header, it
> can happen.
> to work around we extended a ServletWebRequest to add
> {code}
> public Charset getCharset() {
> try {
> return super.getCharset();
> } catch (UnsupportedCharsetException ignore) {
> return getDefaultCharset();
> }
> }
> {code}
> Now we are wondering, if RequestUtils:
> {code}
> public static Charset getCharset(HttpServletRequest request)
> {
> Charset charset = null;
> if (request != null)
> {
> String charsetName = request.getCharacterEncoding();
> if (charsetName != null)
> {
> charset = Charset.forName(charsetName);
> }
> }
> if (charset == null)
> {
> charset = getDefaultCharset();
> }
> return charset;
> }
> {code}
> should be more resilient to weird charsetNames coming from the container
> (like 'auto' in our example) and return the default charset or a better
> Exception that by default is mapped to HTTP StatusCode 406 ?
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
