  1. Sling
  2. SLING-9740

Invalid handling of requests containing URL path parameters

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Engine 2.7.2
    • Engine 2.9.0
    • Engine
    • None

    Description

      RequestData.initResource() has support for requests containing URL path parameters (e.g. /path;foo=bar/path2;bar=baz/). It splits the request URL at the first semicolon and appends everything from that semicolon onward to request.getPathInfo() (which does not contain such parameters). See RequestData.java. However, this handling is incomplete: it only covers the case where one such parameter is added at the end of the request, but path parameters can be added to any path segment, which leads to unexpected results.

      E.g. the following request:
      http://localhost:4502/content;foo=bar/we-retail;bar=baz/us/en.html

      will result in path being:
      /content/we-retail/us/en.html;foo=bar/we-retail;bar=baz/us/en.html

      This gets especially confusing when path normalization happens in conjunction with path parameters:
      http://localhost/content/we-retail.html/..;/..;/bin/querybuilder.json.css?path=/home/users

      will result in path being:
      /bin/querybuilder.json.css;/..;/bin/querybuilder.json.css

      after the concatenation.
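
The concatenation described above, as an added example rather than Sling's own RequestData code: it reproduces both resulting paths from the issue and adds a check for parameters outside the one handled case. The helper names, the model of getPathInfo() (parameters stripped from each segment, then dot segments resolved) and the third sample path are assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration: a simplified model of the behaviour in this issue, not Sling code.
public class PathParamDemo {
    // Assumption: the container drops ";..." parameters from every path segment.
    static String stripParams(String uri) {
        StringBuilder sb = new StringBuilder();
        for (String seg : uri.split("/", -1)) {
            int semi = seg.indexOf(';');
            sb.append(semi < 0 ? seg : seg.substring(0, semi)).append('/');
        }
        sb.setLength(sb.length() - 1); // remove the extra trailing '/'
        return sb.toString();
    }

    // Resolve "." and ".." segments, as path normalization does.
    static String normalize(String path) {
        Deque<String> out = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) out.pollLast(); else out.addLast(seg);
        }
        return "/" + String.join("/", out);
    }

    // The handling as described: pathInfo plus everything from the first ';'.
    static String describedResourcePath(String uri) {
        String pathInfo = normalize(stripParams(uri));
        int semi = uri.indexOf(';');
        return semi < 0 ? pathInfo : pathInfo + uri.substring(semi);
    }

    // Hypothetical guard: true when a '/' follows the first ';', i.e. a parameter
    // sits on a non-final segment, which the described handling does not cover.
    static boolean outsideHandledCase(String uri) {
        int semi = uri.indexOf(';');
        return semi >= 0 && uri.indexOf('/', semi) >= 0;
    }

    public static void main(String[] args) {
        String[] uris = { // first two request paths are from the issue, third is constructed
            "/content;foo=bar/we-retail;bar=baz/us/en.html",
            "/content/we-retail.html/..;/..;/bin/querybuilder.json.css",
            "/content/we-retail/us/en.html;foo=bar" };
        for (String u : uris)
            System.out.println(u + " -> " + describedResourcePath(u) + " flagged=" + outsideHandledCase(u));
    }
}
```

Only the third path, with a single parameter on the last segment, falls inside the case the description says is handled.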

          People

            cziegeler Carsten Ziegeler
            chaotic Lars Krapf