TAPESTRY-1988

Page activation parameter with escaped (%2f) slash ("/") character not passed correctly

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.3, 5.0.4, 5.0.5, 5.0.6
    • Fix Version/s: 5.0.8
    • Component/s: None
    • Labels:
      None

      Description

      Trying to pass a string containing an escaped slash as a parameter value to onActivate() results in Tapestry interpreting it as passing two parameters.

      Example:

      test.java
      ============
      public class Test {
          private String param1;

          void onActivate(String p1) {
              param1 = p1;
          }

          public String getParam1() {
              return param1;
          }
      }

      test.tml
      ============
      <div test="true" xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
        Param 1:${Param1}
      </div>

      url
      ============
      http://localhost/test/aaa%2fbbb

      output
      ============
      aaa

      should output
      ============
      aaa/bbb

      1. context_encode_decode_fix_to_trunk.patch
        11 kB
        Yoshikazu Kuramochi
      2. context_encode_decode_fix_to_5.0.6.patch
        11 kB
        Yoshikazu Kuramochi

        Activity

        Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
        Open -> In Progress | 14d 8h 14m | 1 | Howard M. Lewis Ship | 31/Dec/07 18:52
        In Progress -> Closed | 3m 38s | 1 | Howard M. Lewis Ship | 31/Dec/07 18:55
        Mark Thomas made changes -
        Workflow Default workflow, editable Closed status [ 12568461 ] jira [ 12591512 ]
        Mark Thomas made changes -
        Workflow jira [ 12419401 ] Default workflow, editable Closed status [ 12568461 ]
        Francois Armand added a comment -

        Thank you for the patch and your answer. I missed the bug TAPESTRY-2054.

        Yoshikazu Kuramochi added a comment -

        > The ActivationContext parameter of forms (ac parameter in hidden field) is still encoded but never decoded, so that onActivate(...) methods receive an encoded String.

        It is reported by TAPESTRY-2054 and I have posted another patch there.

        Francois Armand added a comment -

        I believe this bug is not fully corrected.

        The ActivationContext parameter of forms (ac parameter in hidden field) is still encoded but never decoded, so that onActivate(...) methods receive an encoded String.

        I think that the method org.apache.tapestry.internal.services.LinkFactoryImpl#addActivationContextToLink(Link link, String[] activationContext) should not call "TapestryInternalUtils.encodeContext()".

        It seems to work well on Tapestry 5.0.6 with Yoshikazu Kuramochi's patch.

        Howard M. Lewis Ship made changes -
        Resolution Fixed [ 1 ]
        Status In Progress [ 3 ] Closed [ 6 ]
        Fix Version/s 5.0.8 [ 12312898 ]
        Howard M. Lewis Ship added a comment -

        Thanks for the patch and the great research!

        Howard M. Lewis Ship added a comment -

        Looks like a nice patch!

        Howard M. Lewis Ship made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Howard M. Lewis Ship made changes -
        Assignee Howard M. Lewis Ship [ hlship ]
        Yoshikazu Kuramochi made changes -
        Yoshikazu Kuramochi added a comment - - edited

        I think this issue is related to

        https://issues.apache.org/jira/browse/TAPESTRY-1968
        https://issues.apache.org/jira/browse/TAPESTRY-1911

        Also, a page activation context / component context that contains a UTF-8 string
        is not decoded correctly (I tested Japanese characters).

        I wrote a patch to fix these problems.

        Summary of this patch:

        • The servlet container has already decoded the context,
          so TapestryInternalUtils#urlDecode is not used.
        • But the servlet container does not decode '+' in the path to ' ',
          so ' ' is encoded to %20, not to '+', in TapestryInternalUtils.
        • An escaped slash (%2F) is also decoded by the servlet container,
          so Tapestry can't distinguish an escaped slash from a real slash.
          So the slash in the context is escaped to %2F before encoding,
          and %2F is then encoded to %252F in URLCodec#encode
          (% is likewise escaped to %25 and then encoded to %2525).
          They are unescaped in PageRenderDispatcher and ComponentActionDispatcher
          (TapestryInternalUtils#unescapePercentAndSlash).
        • Add some tests.
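        The escaping scheme summarised in the comment above, as an added Java example that is not taken from the attached patch or from Tapestry's code. The class and helper names (ContextCodecDemo, escape, unescape, toPath, containerDecode, fromPath) are hypothetical, containerDecode is an assumed stand-in for the servlet container's single decode of the request path, and Java 10 or later is assumed.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class ContextCodecDemo {
    // Escape '%' first, then '/': afterwards every '%' is followed by "25" or "2F".
    static String escape(String value) {
        return value.replace("%", "%25").replace("/", "%2F");
    }
    // Reverse order on the way back: "%2F" first, then "%25".
    static String unescape(String value) {
        return value.replace("%2F", "/").replace("%25", "%");
    }

    // Link side: escape, URL-encode as UTF-8, and emit %20 (not '+') for a space.
    static String toPath(String... context) {
        List<String> parts = new ArrayList<>();
        for (String value : context) {
            parts.add(URLEncoder.encode(escape(value), StandardCharsets.UTF_8).replace("+", "%20"));
        }
        return String.join("/", parts);
    }

    // Assumed stand-in for the container: one decode of the path, '+' left alone.
    static String containerDecode(String path) {
        return URLDecoder.decode(path.replace("+", "%2B"), StandardCharsets.UTF_8);
    }

    // Dispatcher side: split on real slashes only, then unescape each value.
    static List<String> fromPath(String decodedPath) {
        List<String> values = new ArrayList<>();
        for (String part : decodedPath.split("/")) values.add(unescape(part));
        return values;
    }

    public static void main(String[] args) {
        // The reported case: after the container's decode, %2f is an ordinary slash.
        System.out.println(List.of(containerDecode("aaa%2fbbb").split("/")));
        // Constructed sample values, including a literal "%2F" and Japanese text.
        String[] context = {"aaa/bbb", "50% off", "%2F", "\u65e5\u672c\u8a9e"};
        String path = toPath(context);
        System.out.println(path);
        List<String> back = fromPath(containerDecode(path));
        if (!back.equals(List.of(context))) throw new AssertionError(back);
        System.out.println(back);
    }
}
```

        The order of the replacements matters: unescaping "%25" before "%2F" would turn a context value that literally contains "%2F" into a slash.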
        Kalin Krustev made changes -
        Field: Description
        Original Value: Trying to pass escaped slash as parameter value to onActivate() results in Tapestry interpreting it as passing two parameters. (Example as in the Description above.)
        New Value: Trying to pass string containing escaped slash as parameter value to onActivate() results in Tapestry interpreting it as passing two parameters. (Example as in the Description above.)
        Kalin Krustev created issue -

          People

          • Assignee: Howard M. Lewis Ship
          • Reporter: Kalin Krustev
          • Votes: 1
          • Watchers: 3