Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.2 Final
    • Fix Version/s: 4.2.1
    • Component/s: HttpClient
    • Labels:
      None
    • Environment:
      JDK 1.6

      Description

      The URIBuilder is using URLEncodedUtils to encode the keys/values in the query string before passing it as an argument to a URI constructor that also encodes the query string.

      See the URI constructor description at http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String)

        Issue Links

          Activity

          Hide
          Pablo Funes added a comment -

          Not Fixed. Now it does not encode query parameters at all! They should be encoded once. They should be escaped exactly once. They are escaped twice in stable release, but not escaped at all in SVN version.

          Show
          Pablo Funes added a comment - Not Fixed. Now it does not encode query parameters at all! They should be encoded once. They should be escaped exactly once. They are escaped twice in stable release, but not escaped at all in SVN version.
          Hide
          Oleg Kalnichevski added a comment -

          Fix committed to SVN trunk. Please re-test your application against the latest SVN snapshot.

          Oleg

          Show
          Oleg Kalnichevski added a comment - Fix committed to SVN trunk. Please re-test your application against the latest SVN snapshot. Oleg
          Hide
          Jacob L E Blain Christen added a comment - - edited

          Snippets to demonstrate the problem:

          /* works correctly: notice how the redirect_uri value is encoded properly */
          URI.create("https://some.awesome-service.com/oauth/token"
          + "?client_id=" + URLEncoder.encode("1234567890","UTF-8")
          + "&client_secret=" + URLEncoder.encode("abcdefghijklmnopqrstuvwxyz","UTF-8")
          + "&code=" + URLEncoder.encode("kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn","UTF-8")
          + "&redirect_uri=" + URLEncoder.encode("https://localhost/oauth_callback","UTF-8")
          ).toString()
          // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%3A%2F%2Flocalhost%2Foauth_callback

          /* works incorrectly: notice how the redirect_uri value is encoded twice (eg %2F becomes %252F) */
          new URIBuilder("https://some.awesome-service.com/oauth/token")
          .addParameter("client_id","1234567890")
          .addParameter("client_secret","abcdefghijklmnopqrstuvwxyz")
          .addParameter("code","kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn")
          .addParameter("redirect_uri","https://localhost/oauth_callback")
          .build().toString()
          // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%253A%252F%252Flocalhost%252Foauth_callback

          Show
          Jacob L E Blain Christen added a comment - - edited Snippets to demonstrate the problem: /* works correctly: notice how the redirect_uri value is encoded properly */ URI.create("https://some.awesome-service.com/oauth/token" + "?client_id=" + URLEncoder.encode("1234567890","UTF-8") + "&client_secret=" + URLEncoder.encode("abcdefghijklmnopqrstuvwxyz","UTF-8") + "&code=" + URLEncoder.encode("kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn","UTF-8") + "&redirect_uri=" + URLEncoder.encode("https://localhost/oauth_callback","UTF-8") ).toString() // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%3A%2F%2Flocalhost%2Foauth_callback /* works incorrectly: notice how the redirect_uri value is encoded twice (eg %2F becomes %252F) */ new URIBuilder("https://some.awesome-service.com/oauth/token") .addParameter("client_id","1234567890") .addParameter("client_secret","abcdefghijklmnopqrstuvwxyz") .addParameter("code","kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn") .addParameter("redirect_uri","https://localhost/oauth_callback") .build().toString() // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%253A%252F%252Flocalhost%252Foauth_callback

            People

            • Assignee:
              Unassigned
              Reporter:
              Jacob L E Blain Christen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development