Martin Becker created OFBIZ-10275:
-------------------------------------
Summary: UtilCodec URL decoding breaks values with german umlauts
Key: OFBIZ-10275
URL: https://issues.apache.org/jira/browse/OFBIZ-10275
Project: OFBiz
Issue Type: Bug
Components: framework
Affects Versions: Trunk
Reporter: Martin Becker
...and other UTF-8 characters encoded in two hex. values like in this example:
{code:java}
String example = "/webcontent/example_öl.jpg";
String encoded = UtilCodec.getEncoder("url").encode(example);
System.out.println(encoded);
=> "%2Fwebcontent%2Fexample_%C3%B6l.jpg"
String decoded = UtilCodec.getDecoder("url").decode(encoded);
System.out.println(decoded);
=> "/webcontent/example_öl.jpg"{code}
The reason for this is the OWASP ESAPI PercentCodec implementation used within
the method UtilCodec.canonicalize, called before the proper decoding via
java.net.URLDecoder here:
{code:java}
public String decode(String original) {
try {
String canonical = canonicalize(original);
return URLDecoder.decode(canonical, "UTF-8");
} catch (UnsupportedEncodingException ee) {
Debug.logError(ee, module);
return null;
}
}{code}
The fix could be to only use the canonicalize logic to check the original value
for double/mixed encoding and to encode the original value afterwards via
URLDecoder instead of using the canonicalize output for this.
This way the UrlCodec decode method matches the encode method by only using
URLDecoder / URLEncoder for doing the main job.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
