Tapestry
  1. Tapestry
  2. TAPESTRY-1988

Page activation paremeter with escaped ( %2f ) slash ( " / " ) character not passed correctly

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.3, 5.0.4, 5.0.5, 5.0.6
    • Fix Version/s: 5.0.8
    • Component/s: None
    • Labels:
      None

      Description

      Trying to pass string containing escaped slash as parameter value to onActivate() results in Tapestry interpreting it as passing two parameters.

      Example:

      test.java
      ============
      public class Test {
      private String param1;
      void onActivate(String p1)

      { param1=p1; }

      public String getParam1()

      { return param1; }

      }

      test.tml
      ============
      <div test="true" xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
      Param 1:$

      {Param1}

      </div>

      url
      ============
      http://localhost/test/aaa%2fbbb

      output
      ============
      aaa

      should output
      ============
      aaa/bbb

      1. context_encode_decode_fix_to_trunk.patch
        11 kB
        Yoshikazu Kuramochi
      2. context_encode_decode_fix_to_5.0.6.patch
        11 kB
        Yoshikazu Kuramochi

        Activity

        Hide
        Francois Armand added a comment -

        Thank you for the patch and your answer I missed the bug TAPESTRY-2054

        Show
        Francois Armand added a comment - Thank you for the patch and your answer I missed the bug TAPESTRY-2054
        Hide
        Yoshikazu Kuramochi added a comment -

        > The ActivationContext parameter of forms (ac parameter in hidden field) is still encoded but never decoded, so that onActivate(...) methods receive an encoded String.

        It is reported by TAPESTRY-2054 and I have posted another patch there.

        Show
        Yoshikazu Kuramochi added a comment - > The ActivationContext parameter of forms (ac parameter in hidden field) is still encoded but never decoded, so that onActivate(...) methods receive an encoded String. It is reported by TAPESTRY-2054 and I have posted another patch there.
        Hide
        Francois Armand added a comment -

        I believe this bug is not fully corrected.

        The ActivationContext parameter of forms (ac parameter in hidden field) is still encoded but never decoded, so that onActivate(...) methods receive an encoded String.

        I think that the method org.apache.tapestry.internal.services.LinkFactoryImpl#addActivationContextToLink(Link link, String[] activationContext) should not call "TapestryInternalUtils.encodeContext()".

        It seems to work well on a Tapestry 5.0.6 with theYoshikazu Kuramochi's patch.

        Show
        Francois Armand added a comment - I believe this bug is not fully corrected. The ActivationContext parameter of forms (ac parameter in hidden field) is still encoded but never decoded, so that onActivate(...) methods receive an encoded String. I think that the method org.apache.tapestry.internal.services.LinkFactoryImpl#addActivationContextToLink(Link link, String[] activationContext) should not call "TapestryInternalUtils.encodeContext()". It seems to work well on a Tapestry 5.0.6 with theYoshikazu Kuramochi's patch.
        Hide
        Howard M. Lewis Ship added a comment -

        Thanks for the patch and the great research!

        Show
        Howard M. Lewis Ship added a comment - Thanks for the patch and the great research!
        Hide
        Howard M. Lewis Ship added a comment -

        Looks like a nice patch!

        Show
        Howard M. Lewis Ship added a comment - Looks like a nice patch!
        Hide
        Yoshikazu Kuramochi added a comment - - edited

        I think this issue related to

        https://issues.apache.org/jira/browse/TAPESTRY-1968
        https://issues.apache.org/jira/browse/TAPESTRY-1911

        And, page activation context / component context contains utf8 string
        is not decoded correctly (I tested Japanese characters).

        I wrote patch to fix these problems.

        Summary of this patch:

        • Servlet container already decoded context,
          so does not use TapestryInternalUtils#urlDecode.
        • But, servlet container does not decode '+' in path to ' ',
          so encode ' ' to %20 not to '+' in TapestryInternalUtils.
        • Escaped slash (%2F) is also decoded by servlet container,
          then Tapestry can't distinct escaped slash from real slash.
          So escape slash in context to %2F before encode,
          then %2F is encoded to %252F in URLCodec#encode.
          (also % is escaped to %25 then encoded to %2525)
          And unescape in PageRenderDispatcher and ComponentActionDispatcher
          (TapestryInternalUtils#unescapePercentAndSlash).
        • Add some tests.
        Show
        Yoshikazu Kuramochi added a comment - - edited I think this issue related to https://issues.apache.org/jira/browse/TAPESTRY-1968 https://issues.apache.org/jira/browse/TAPESTRY-1911 And, page activation context / component context contains utf8 string is not decoded correctly (I tested Japanese characters). I wrote patch to fix these problems. Summary of this patch: Servlet container already decoded context, so does not use TapestryInternalUtils#urlDecode. But, servlet container does not decode '+' in path to ' ', so encode ' ' to %20 not to '+' in TapestryInternalUtils. Escaped slash (%2F) is also decoded by servlet container, then Tapestry can't distinct escaped slash from real slash. So escape slash in context to %2F before encode, then %2F is encoded to %252F in URLCodec#encode. (also % is escaped to %25 then encoded to %2525) And unescape in PageRenderDispatcher and ComponentActionDispatcher (TapestryInternalUtils#unescapePercentAndSlash). Add some tests.

          People

          • Assignee:
            Howard M. Lewis Ship
            Reporter:
            Kalin Krustev
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development