[
https://issues.apache.org/jira/browse/CXF-6606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tyler Brazier updated CXF-6606:
-------------------------------
Description:
When given a url like {{/api/%255E/users.json}},
{{RequestPreprocessor#preprocess}} first does {{handleExtensionMappings}},
which creates a {{PathSegmentImpl}} with a single arg constructor, decoding the
path. The path on {{Message}} is set to the decoded path with a call to
{{updatePath}} if the {{.json}} extension was found within the extension
mappings. Back in {{RequestPreprocessor#preprocess}}, the path returned will be
decoded again within the call to {{UriInfoImpl#getPath}}.
This causes the {{%255E}} in the path to be decoded the first time as {{%5E}},
then the second time as {{^}}.
I believe this could be fixed by constructing {{PathSegment}} within
{{handleLanguageMappings}} and {{handleExtensionMappings}} with a second
{{false}} argument.
was:
When given a url like {{/api/%255E/users.json}},
{{RequestPreprocessor#preprocess}} first does {{handleExtensionMappings}},
which creates a {{PathSegmentImpl}} with a single arg constructor, decoding the
path. The path on {{Message}} is set to the decoded path with a call to
{{updatePath}} if the {{.json}} extension was found within the extension
mappings. Back in {{RequestPreprocessor#preprocess}}, the path returned will be
decoded again within the call to {{UriInfoImpl.getPath}}.
This causes the {{%255E}} in the path to be decoded the first time as {{%5E}},
then the second time as {{^}}.
I believe this could be fixed by constructing {{PathSegment}} within
{{handleLanguageMappings}} and {{handleExtensionMappings}} with a second
{{false}} argument.
> Encoded characters in URI are decoded multiple times during preprocess
> ----------------------------------------------------------------------
>
> Key: CXF-6606
> URL: https://issues.apache.org/jira/browse/CXF-6606
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.1.2
> Reporter: Tyler Brazier
>
> When given a url like {{/api/%255E/users.json}},
> {{RequestPreprocessor#preprocess}} first does {{handleExtensionMappings}},
> which creates a {{PathSegmentImpl}} with a single arg constructor, decoding
> the path. The path on {{Message}} is set to the decoded path with a call to
> {{updatePath}} if the {{.json}} extension was found within the extension
> mappings. Back in {{RequestPreprocessor#preprocess}}, the path returned will
> be decoded again within the call to {{UriInfoImpl#getPath}}.
> This causes the {{%255E}} in the path to be decoded the first time as
> {{%5E}}, then the second time as {{^}}.
> I believe this could be fixed by constructing {{PathSegment}} within
> {{handleLanguageMappings}} and {{handleExtensionMappings}} with a second
> {{false}} argument.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
