Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.2 Final
    • Fix Version/s: 4.2.1
    • Component/s: HttpClient
    • Labels:
      None
    • Environment:
      JDK 1.6

      Description

      The URIBuilder is using URLEncodedUtils to encode the keys/values in the query string before passing it as an argument to a URI constructor that also encodes the query string.

      See the URI constructor description at http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String)

        Issue Links

          Activity

          Jacob L E Blain Christen created issue -
          Oleg Kalnichevski made changes -
          Field Original Value New Value
          Fix Version/s 4.2.1 [ 12321641 ]
          Hide
          Jacob L E Blain Christen added a comment - - edited

          Snippets to demonstrate the problem:

          /* works correctly: notice how the redirect_uri value is encoded properly */
          URI.create("https://some.awesome-service.com/oauth/token"
          + "?client_id=" + URLEncoder.encode("1234567890","UTF-8")
          + "&client_secret=" + URLEncoder.encode("abcdefghijklmnopqrstuvwxyz","UTF-8")
          + "&code=" + URLEncoder.encode("kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn","UTF-8")
          + "&redirect_uri=" + URLEncoder.encode("https://localhost/oauth_callback","UTF-8")
          ).toString()
          // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%3A%2F%2Flocalhost%2Foauth_callback

          /* works incorrectly: notice how the redirect_uri value is encoded twice (eg %2F becomes %252F) */
          new URIBuilder("https://some.awesome-service.com/oauth/token")
          .addParameter("client_id","1234567890")
          .addParameter("client_secret","abcdefghijklmnopqrstuvwxyz")
          .addParameter("code","kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn")
          .addParameter("redirect_uri","https://localhost/oauth_callback")
          .build().toString()
          // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%253A%252F%252Flocalhost%252Foauth_callback

          Show
          Jacob L E Blain Christen added a comment - - edited Snippets to demonstrate the problem: /* works correctly: notice how the redirect_uri value is encoded properly */ URI.create("https://some.awesome-service.com/oauth/token" + "?client_id=" + URLEncoder.encode("1234567890","UTF-8") + "&client_secret=" + URLEncoder.encode("abcdefghijklmnopqrstuvwxyz","UTF-8") + "&code=" + URLEncoder.encode("kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn","UTF-8") + "&redirect_uri=" + URLEncoder.encode("https://localhost/oauth_callback","UTF-8") ).toString() // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%3A%2F%2Flocalhost%2Foauth_callback /* works incorrectly: notice how the redirect_uri value is encoded twice (eg %2F becomes %252F) */ new URIBuilder("https://some.awesome-service.com/oauth/token") .addParameter("client_id","1234567890") .addParameter("client_secret","abcdefghijklmnopqrstuvwxyz") .addParameter("code","kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn") .addParameter("redirect_uri","https://localhost/oauth_callback") .build().toString() // https://some.awesome-service.com/oauth/token?client_id=1234567890&client_secret=abcdefghijklmnopqrstuvwxyz&code=kjhbdafoiuhw9p78hfibsdklvjbnkjsldvkljncdkjnsadklvjnsalkjdfn&redirect_uri=https%253A%252F%252Flocalhost%252Foauth_callback
          Jacob L E Blain Christen made changes -
          Description The URIBuilder is using URLEncodedUtils to encode the keys/values in the query string before passing it as an argument to a URI constructor that also encodes the query string.

          See the URI constructor description at http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
          The URIBuilder is using URLEncodedUtils to encode the keys/values in the query string before passing it as an argument to a URI constructor that also encodes the query string.

          See the URI constructor description at http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String,+java.lang.String,+java.lang.String,+java.lang.String,+java.lang.String)
          Jacob L E Blain Christen made changes -
          Description The URIBuilder is using URLEncodedUtils to encode the keys/values in the query string before passing it as an argument to a URI constructor that also encodes the query string.

          See the URI constructor description at http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String,+java.lang.String,+java.lang.String,+java.lang.String,+java.lang.String)
          The URIBuilder is using URLEncodedUtils to encode the keys/values in the query string before passing it as an argument to a URI constructor that also encodes the query string.

          See the URI constructor description at http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String)
          Oleg Kalnichevski made changes -
          Link This issue is duplicated by HTTPCLIENT-1195 [ HTTPCLIENT-1195 ]
          Hide
          Oleg Kalnichevski added a comment -

          Fix committed to SVN trunk. Please re-test your application against the latest SVN snapshot.

          Oleg

          Show
          Oleg Kalnichevski added a comment - Fix committed to SVN trunk. Please re-test your application against the latest SVN snapshot. Oleg
          Oleg Kalnichevski made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          Pablo Funes added a comment -

          Not Fixed. Now it does not encode query parameters at all! They should be encoded once. They should be escaped exactly once. They are escaped twice in stable release, but not escaped at all in SVN version.

          Show
          Pablo Funes added a comment - Not Fixed. Now it does not encode query parameters at all! They should be encoded once. They should be escaped exactly once. They are escaped twice in stable release, but not escaped at all in SVN version.
          Oleg Kalnichevski made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              Jacob L E Blain Christen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development