[jira] [Created] (OLINGO-547) Ampersands in query parameter values cause ExpressionParserExceptions

Thu, 29 Jan 2015 12:37:12 -0800 

Wendy Tamm created OLINGO-547:
---------------------------------

             Summary: Ampersands in query parameter values cause 
ExpressionParserExceptions
                 Key: OLINGO-547
                 URL: https://issues.apache.org/jira/browse/OLINGO-547
             Project: Olingo
          Issue Type: Bug
          Components: odata2-core
    Affects Versions: V2 2.0.1
            Reporter: Wendy Tamm
            Priority: Minor


I believe there is a mistake in the handling of encoded ampersands in query 
parameter values in org.apache.olingo.odata2.core.servlet.RestUtil, both in 
extractQueryParameters() on line 95, and identically in 
extractAllQueryParameters() on line 113:
{code:title=RestUtil.java, lines 95 & 113|borderStyle=solid}
List<String> queryParameters = 
Arrays.asList(Decoder.decode(queryString).split("\\&"));
{code}
The query string is decoded before it is split, which causes any encoded 
ampersand in a parameter value to be split incorrectly. Not only does this 
simply risk losing important information, it also causes some system query 
options to not parse properly, like $filter.

For example, the value in the expression "$filter=Name eq 'Tom%26Jerry'" is 
split into "$filter=Name eq 'Tom" and "Jerry'", which causes the following 
exception:

{noformat}
org.apache.olingo.odata2.api.uri.expression.ExpressionParserException: 
Unterminated string literal at position 9 in "Name eq 'Tom".
        at 
org.apache.olingo.odata2.core.uri.expression.FilterParserExceptionImpl.createTOKEN_UNDETERMINATED_STRING(FilterParserExceptionImpl.java:226)
        at 
org.apache.olingo.odata2.core.uri.expression.Tokenizer.readLiteral(Tokenizer.java:317)
        at 
org.apache.olingo.odata2.core.uri.expression.Tokenizer.readLiteral(Tokenizer.java:277)
        at 
org.apache.olingo.odata2.core.uri.expression.Tokenizer.tokenize(Tokenizer.java:104)
        at 
org.apache.olingo.odata2.core.uri.expression.FilterParserImpl.parseFilterString(FilterParserImpl.java:87)
        at 
org.apache.olingo.odata2.core.uri.UriParserImpl.handleSystemQueryOptionFilter(UriParserImpl.java:627)
        ... 31 more
{noformat}

I am working around this by implementing my own query parameter extraction 
method:

{code:borderStyle=solid}
public static Map<String, List<String>> extractAllQueryParameters(final String 
queryString) {
    Map<String, List<String>> allQueryParameterMap = new HashMap<String, 
List<String>>();
    
    if (queryString != null && !queryString.isEmpty()) {
      // split the query string on ampersands (before decoding, to avoid 
problems with ampersands in values)
      String[] queryParameters = queryString.split("\\u0026");

      for (String param : queryParameters) {
        String decodedParam = Decoder.decode(param);
        ...
      }
    }
    
    return allQueryParameterMap;
  }
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to