Description
Hello everyone,
In Shiro 1.5.2, WebUtils.getRequestURI() no longer supports paths with a '%' character in them.
In Shiro 1.5.1, when the path is "A%B" then the String URI retrieved from request.getRequestURI() returns "A%25B", which is properly decoded afterward by the decodeAndCleanUriString method.
In Shiro 1.5.2, when the path is "A%B" then the String URI reconstructed from context+path+pathInfo returns "A%B" (it's already decoded), which crashes when calling decodeAndCleanUriString:
Caused by: java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 1 in: "B/"
    at java.net.URLDecoder.decode(URLDecoder.java:232) ~[?:?]
    at java.net.URLDecoder.decode(URLDecoder.java:142) ~[?:?]
    at org.apache.shiro.web.util.WebUtils.decodeRequestString(WebUtils.java:357) ~[?:?]
    at org.apache.shiro.web.util.WebUtils.decodeAndCleanUriString(WebUtils.java:242) ~[?:?]
    at org.apache.shiro.web.util.WebUtils.getRequestUri(WebUtils.java:143) ~[?:?]
    at org.apache.shiro.web.util.WebUtils.getPathWithinApplication(WebUtils.java:113) ~[?:?]
Decoding the URI twice might produce other incorrect results.
Can you have a look? Thanks!
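
The double-decoding behaviour reported above can be reproduced with java.net.URLDecoder alone. This is an added example, not code from the report or from Shiro; the class name, the decodeOnce helper and the sample paths are constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

public class DoubleDecodeDemo {

    // Hypothetical stand-in for one percent-decoding pass (not Shiro's method).
    static String decodeOnce(String s) {
        try {
            return URLDecoder.decode(s, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }

    // Decodes a second time and reports either the result or the failure.
    static String decodeAgain(String alreadyDecoded) {
        try {
            return decodeOnce(alreadyDecoded);
        } catch (IllegalArgumentException e) {
            return "IllegalArgumentException: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed raw request URIs, as the client would send them.
        String[] rawUris = {
            "/app/A%25B/",   // literal "A%B": second pass sees "%B/" and throws
            "/app/A%2541/",  // literal "A%41": second pass silently yields "AA"
            "/app/plain/"    // no escapes: unaffected by a second pass
        };
        for (String raw : rawUris) {
            String once = decodeOnce(raw);      // what a single decode produces
            String twice = decodeAgain(once);   // decoding an already-decoded path
            System.out.println("raw   = " + raw);
            System.out.println("once  = " + once);
            System.out.println("twice = " + twice);
            System.out.println();
        }
    }
}
```

The first path reproduces the exception in the stack trace; the second shows the quieter failure, where the second pass returns a path different from the one the client requested without raising any error.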