Uploaded image for project: 'Maven Wagon'
  1. Maven Wagon
  2. WAGON-419

HTTP wagons incorrectly encode blank space in URLs causing resources to be uploaded/looked up with a "+" sign

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.0, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6
    • Fix Version/s: 2.7
    • Labels:
      None
    • Environment:
    • Flags:
      Patch

      Description

      The wagons all use java.net.URLEncoder.encode to encode the path components of the URL which uses application/x-www-form-urlencoded format instead of the more generic one defined by RFC2396. As documented by the java.net.URL class, this should only be used for HTML/form encoding and not generic URL encoding:

      The URLEncoder and URLDecoder classes can also be used, but only for HTML form encoding, which is not the same as the encoding scheme defined in RFC2396.

      The use of such encoder affects URLs with spaces (i.e.: on the resource path) by encoding it to + instead of the traditional %20 which would ultimately result in an actual space being stored on the server when receiving a PUT request. Additionally, the application/x-www-form-urlencoded format should only be used if the HTTP request itself has that as a Content-Type header value, which in the majority of the cases here is not the case (the HTTP client will either be sending up the correctly translated MIME type, a generic application/octet-stream or some other form of encoding - i.e.: base64, but the URL encoding is completely independent of that).

      This is probably a known issue given there are TODO comments on the code for every one of the wagons.

      I'm submitting a PR on Github with a proposed fix for them all.

        Attachments

          Activity

            People

            • Assignee:
              olamy Olivier Lamy
              Reporter:
              roberto.andrade Roberto Andrade
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: