You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Roberto Andrade (JIRA)" <ji...@codehaus.org> on 2014/07/23 01:46:10 UTC

[jira] (WAGON-419) HTTP wagons incorrectly encode blank space in URLs causing resources to be uploaded/looked up with a "+" sign

Roberto Andrade created WAGON-419:
-------------------------------------

             Summary: HTTP wagons incorrectly encode blank space in URLs causing resources to be uploaded/looked up with a "+" sign
                 Key: WAGON-419
                 URL: https://jira.codehaus.org/browse/WAGON-419
             Project: Maven Wagon
          Issue Type: Bug
          Components: wagon-http, wagon-http-lightweight, wagon-webdav
    Affects Versions: 2.6, 2.5, 2.4, 2.3, 2.2, 2.1, 2.0, 1.0
         Environment: Apache Maven 3.1.1 (0728685237757ffbf44136acec0402957f723d9a; 2013-09-17 11:22:22-0400)
Maven home: /usr/local/Cellar/maven/3.1.1/libexec
Java version: 1.7.0_51, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: US-ASCII
OS name: "mac os x", version: "10.9.4", arch: "x86_64", family: "mac"
            Reporter: Roberto Andrade
            Priority: Minor


The wagons all use [{{java.net.URLEncoder.encode}}|http://docs.oracle.com/javase/7/docs/api/java/net/URLEncoder.html] to encode the path components of the URL which uses {{application/x-www-form-urlencoded}} format instead of the more generic one defined by RFC2396. As documented by the [java.net.URL|http://docs.oracle.com/javase/7/docs/api/java/net/URL.html] class, this should only be used for HTML/form encoding and not generic URL encoding:

{quote}
The URLEncoder and URLDecoder classes can also be used, but only for HTML form encoding, which is not the same as the encoding scheme defined in RFC2396.
{quote}

The use of such encoder affects URLs with spaces (i.e.: on the resource path) by encoding it to {{+}} instead of the traditional {{%20}} which would ultimately result in an actual space being stored on the server when receiving a {{PUT}} request. Additionally, the {{application/x-www-form-urlencoded}} format should only be used if the HTTP request itself has that as a {{Content-Type}} header value, which in the majority of the cases here is not the case (the HTTP client will either be sending up the correctly translated MIME type, a generic {{application/octet-stream}} or some other form of encoding - i.e.: base64, but the URL encoding is completely independent of that).

This is probably a known issue given there are {{TODO}} comments on the code for every one of the wagons.

I'm submitting a PR on Github with a proposed fix for them all.



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)