[
https://issues.apache.org/jira/browse/SHIRO-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077530#comment-17077530
]
Brian Demers commented on SHIRO-753:
------------------------------------
https://github.com/apache/shiro/pull/211
> Regression in URI parsing in Shiro 1.5.2
> ----------------------------------------
>
> Key: SHIRO-753
> URL: https://issues.apache.org/jira/browse/SHIRO-753
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.5.2
> Reporter: Antoine DESSAIGNE
> Priority: Critical
>
> Hello everyone,
> In Shiro 1.5.2, {{WebUtils.getRequestURI()}} no longer support paths with '%'
> character in it
> In Shiro 1.5.1, when the path is "A%B" then the String URI retrieved from
> {{request.getRequestURI()}} returns "A%25B" which is properly decoded
> afterward by theĀ {{decodeAndCleanUriString}} method.
> In Shiro 1.5.2, when the path is "A%B" then the String URI reconstructed from
> context+path+pathInfo returns "A%B" (it's already decoded) which crashes when
> calling {{decodeAndCleanUriString}}
> {noformat}
> Caused by: java.lang.IllegalArgumentException: URLDecoder: Illegal hex
> characters in escape (%) pattern - Error at index 1 in: "B/"
> at java.net.URLDecoder.decode(URLDecoder.java:232) ~[?:?]
> at java.net.URLDecoder.decode(URLDecoder.java:142) ~[?:?]
> at
> org.apache.shiro.web.util.WebUtils.decodeRequestString(WebUtils.java:357)
> ~[?:?]
> at
> org.apache.shiro.web.util.WebUtils.decodeAndCleanUriString(WebUtils.java:242)
> ~[?:?]
> at org.apache.shiro.web.util.WebUtils.getRequestUri(WebUtils.java:143)
> ~[?:?]
> at
> org.apache.shiro.web.util.WebUtils.getPathWithinApplication(WebUtils.java:113)
> ~[?:?]
> {noformat}
> Decoding twice the URI might produce other incorrect results.
> Can you have a look? Thanks!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
