Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-1663

Wicket tries to decode servlet path that already has been decoded by servlet container

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.3.0-final
    • 1.3.5, 1.4-RC2
    • wicket
    • None
    • Apache Tomcat 5.5.25

    Description

      If you try to submit a query containing percent sign, for example, you will get something like this:
      -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
      WicketMessage: Can't instantiate page using constructor public ru.yellteam.web.webPages.ShowYellowPage(org.apache.wicket.PageParameters) and argument 3 = "1" 2 = "-" 0 = "English" 1 = "%"

      Root cause:

      java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "/-"
      at java.net.URLDecoder.decode(URLDecoder.java:173)
      at org.apache.wicket.protocol.http.RequestUtils.decode(RequestUtils.java:122)
      at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getRelativePathPrefixToContextRoot(ServletWebRequest.java:177)
      at ru.yellteam.web.webPages.ShowYellowPage.<init>(ShowYellowPage.java:46)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
      at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:154)
      at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:96)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:268)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:283)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.processEvents(BookmarkablePageRequestTarget.java:210)
      at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:90)
      at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1166)
      at org.apache.wicket.RequestCycle.step(RequestCycle.java:1241)
      at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1316)
      at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
      at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:354)
      at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:194)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
      at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
      at java.lang.Thread.run(Thread.java:595)

      Complete stack:

      org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor public ru.yellteam.web.webPages.ShowYellowPage(org.apache.wicket.PageParameters) and argument 3 = "1" 2 = "-" 0 = "English" 1 = "%"
      at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:175)
      at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:96)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:268)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:283)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.processEvents(BookmarkablePageRequestTarget.java:210)
      at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:90)
      at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1166)
      at org.apache.wicket.RequestCycle.step(RequestCycle.java:1241)
      at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1316)
      at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
      at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:354)

      java.lang.reflect.InvocationTargetException
      at sun.reflect.GeneratedConstructorAccessor16.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
      at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:154)
      at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:96)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:268)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:283)
      at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.processEvents(BookmarkablePageRequestTarget.java:210)
      at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:90)
      at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1166)
      at org.apache.wicket.RequestCycle.step(RequestCycle.java:1241)
      at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1316)
      at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
      at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:354)
      -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      The root cause of the problem is org.apache.wicket.protocol.http.servlet.ServletWebRequest line 177:
      String servletPath = RequestUtils.decode(getServletPath());

      where getServletPath() is :
      public String getServletPath()

      { return httpServletRequest.getServletPath(); }

      Basically what happens is that at line 177 Wicket tries to decode an url that was already decoded by Apache servlet container. URLDecoder sees something like '%/-' in the string to be decoded and blows up.
      This problem could be fixed by replacing line 177 with:
      // MODIFIED BY BORISMAN
      // WAS: String servletPath = RequestUtils.decode(getServletPath());
      String servletPath = getServletPath();

      Attachments

        Issue Links

          duplicates

          Sub-task - The sub-task of the issue WICKET-1624 ServletWebRequest.getRelativePathPrefixToContextRoot() double decodes servlet path

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              ivaynberg Igor Vaynberg
              boris.pasko Boris Pasko
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: