Antoine DESSAIGNE created SHIRO-753:
---------------------------------------
Summary: Regression in URI parsing in Shiro 1.5.2
Key: SHIRO-753
URL: https://issues.apache.org/jira/browse/SHIRO-753
Project: Shiro
Issue Type: Bug
Components: Web
Affects Versions: 1.5.2
Reporter: Antoine DESSAIGNE
Hello everyone,
In Shiro 1.5.2, {{WebUtils.getRequestURI()}} no longer support paths with '%'
character in it
In Shiro 1.5.1, when the path is "A%B" then the String URI retrieved from
{{request.getRequestURI()}} returns "A%25B" which is properly decoded afterward
by theĀ {{decodeAndCleanUriString}} method.
In Shiro 1.5.2, when the path is "A%B" then the String URI reconstructed from
context+path+pathInfo returns "A%B" (it's already decoded) which crashes when
calling {{decodeAndCleanUriString}}
{noformat}
Caused by: java.lang.IllegalArgumentException: URLDecoder: Illegal hex
characters in escape (%) pattern - Error at index 1 in: "B/"
at java.net.URLDecoder.decode(URLDecoder.java:232) ~[?:?]
at java.net.URLDecoder.decode(URLDecoder.java:142) ~[?:?]
at
org.apache.shiro.web.util.WebUtils.decodeRequestString(WebUtils.java:357) ~[?:?]
at
org.apache.shiro.web.util.WebUtils.decodeAndCleanUriString(WebUtils.java:242)
~[?:?]
at org.apache.shiro.web.util.WebUtils.getRequestUri(WebUtils.java:143)
~[?:?]
at
org.apache.shiro.web.util.WebUtils.getPathWithinApplication(WebUtils.java:113)
~[?:?]
{noformat}
Can you have a look? Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
