Uploaded image for project: 'MyFaces Core'
  1. MyFaces Core
  2. MYFACES-3229

ServletExternalContextImpl.encodeRedirectURL() doesn't handle existing query parameters correctly

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.1
    • Fix Version/s: 2.0.8, 2.1.2
    • Component/s: JSR-314
    • Labels:
      None

      Description

      ServletExternalContextImpl.encodeRedirectURL() doesn't work correctly if the base URL already contains encoded query parameters. In this case the resulting URL contains the query parameter encoded twice, which completely breaks them.

      Take a look at this example:

      externalContext.encodeRedirectURL("/test?p1=a+b", null);

      Result ----> /test?p1=a%2Bb

      Another example are encoded ampersand:

      externalContext.encodeRedirectURL("/test?p1=a%26b", null);

      Result ----> /test?p1=a%2526b

      The root cause of the problem seems to be that ServletExternalContextImpl.encodeURL() doesn't decode the query parameters while parsing the base URL.

        Attachments

        1. MYFACES-3229-failing-unit-test.patch
          1 kB
          Christian Kaltepoth
        2. MYFACES-3229-fix.patch
          1 kB
          Christian Kaltepoth

          Activity

            People

            • Assignee:
              lu4242 Leonardo Uribe
              Reporter:
              chkal Christian Kaltepoth
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: