[ https://issues.apache.org/jira/browse/SHIRO-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077530#comment-17077530 ]
Brian Demers commented on SHIRO-753: ------------------------------------ https://github.com/apache/shiro/pull/211 > Regression in URI parsing in Shiro 1.5.2 > ---------------------------------------- > > Key: SHIRO-753 > URL: https://issues.apache.org/jira/browse/SHIRO-753 > Project: Shiro > Issue Type: Bug > Components: Web > Affects Versions: 1.5.2 > Reporter: Antoine DESSAIGNE > Priority: Critical > > Hello everyone, > In Shiro 1.5.2, {{WebUtils.getRequestURI()}} no longer support paths with '%' > character in it > In Shiro 1.5.1, when the path is "A%B" then the String URI retrieved from > {{request.getRequestURI()}} returns "A%25B" which is properly decoded > afterward by theĀ {{decodeAndCleanUriString}} method. > In Shiro 1.5.2, when the path is "A%B" then the String URI reconstructed from > context+path+pathInfo returns "A%B" (it's already decoded) which crashes when > calling {{decodeAndCleanUriString}} > {noformat} > Caused by: java.lang.IllegalArgumentException: URLDecoder: Illegal hex > characters in escape (%) pattern - Error at index 1 in: "B/" > at java.net.URLDecoder.decode(URLDecoder.java:232) ~[?:?] > at java.net.URLDecoder.decode(URLDecoder.java:142) ~[?:?] > at > org.apache.shiro.web.util.WebUtils.decodeRequestString(WebUtils.java:357) > ~[?:?] > at > org.apache.shiro.web.util.WebUtils.decodeAndCleanUriString(WebUtils.java:242) > ~[?:?] > at org.apache.shiro.web.util.WebUtils.getRequestUri(WebUtils.java:143) > ~[?:?] > at > org.apache.shiro.web.util.WebUtils.getPathWithinApplication(WebUtils.java:113) > ~[?:?] > {noformat} > Decoding twice the URI might produce other incorrect results. > Can you have a look? Thanks! -- This message was sent by Atlassian Jira (v8.3.4#803005)