Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-1627 AbstractRequestTargetUrlCodingStrategy improper user of URLEncoder.encode
  3. WICKET-1624

ServletWebRequest.getRelativePathPrefixToContextRoot() double decodes servlet path

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 1.3.3, 1.4-M1
    • 1.4-RC1
    • wicket
    • None
    • Tomcat 6.0.16 on Mac OS X.

    Description

      The following line in ServletWebRequest.getRelativePathPrefixToContextRoot()

      String servletPath = RequestUtils.decode(getServletPath());

      causes problems with relative path for CSS and images. I believe it is because the servlet path is already URL decoded. Running it again causes things that shouldn't be decoded to be decoded. For example,

      %2B gets URL decoded to a plus . But, running it again causes any + to be decoded to a space. This causes the endsWith() check to fail when it shouldn't. Because that fails, more "../" get prepended than is correct.

      I'll attach a quickstart which demonstrates the problem.

      I think the fix is to remove the RequestUtils.decode() call above, but someone closer to the code might feel this breaks something.

      Attachments

        1. bugs.jar
          24 kB
          Doug Donohoe

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. WICKET-1663 Wicket tries to decode servlet path that already has been decoded by servlet container

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jcompagner Johan Compagner
              donohoedigital Doug Donohoe
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: