Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2200

Path and query parameters are not decoded properly due to flag switch.

XMLWordPrintable

      UPDATE: path& query parameters are not decoded properly due to flag/meaning switch of flag:
      https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/util/URLUtils.java#L95 --> decodeSlash
      vs
      https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L587 --> allowEncodedSlash

      https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/util/URLUtils.java#L95 --> decodeSlash
      vs
      https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L587 --> allowEncodedSlash

      This means that not only parts of code had wrong value hardcoded, but UndertowOptions#ALLOW_ENCODED_SLASH had opposite meaning.

      Using a predicate path-prefix('/foo') -> rewrite('/bar${remaining}') for a request path that already has some url-encoded segments will result in rewritten path being different than intended. 

      For example, a request to /foo/hello%2Fworld will end up being /bar/hello%252Fworld instead of the expected /bar/hello%2Fworld

      I noticed this problem on WildFly in a JAX-RS method that must handle such urlencoded values in a @PathParam

            rhn-cservice-bbaranow Bartosz Baranowski
            rok.bertoncelj@gmail.com Rok Bertoncelj (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: