You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Igor Vaynberg (JIRA)" <ji...@apache.org> on 2008/08/03 16:53:44 UTC
[jira] Resolved: (WICKET-1624)
ServletWebRequest.getRelativePathPrefixToContextRoot() double decodes
servlet path
[ https://issues.apache.org/jira/browse/WICKET-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Vaynberg resolved WICKET-1624.
-----------------------------------
Resolution: Fixed
> ServletWebRequest.getRelativePathPrefixToContextRoot() double decodes servlet path
> ----------------------------------------------------------------------------------
>
> Key: WICKET-1624
> URL: https://issues.apache.org/jira/browse/WICKET-1624
> Project: Wicket
> Issue Type: Sub-task
> Components: wicket
> Affects Versions: 1.3.3, 1.4-M1
> Environment: Tomcat 6.0.16 on Mac OS X.
> Reporter: Doug Donohoe
> Assignee: Johan Compagner
> Priority: Blocker
> Fix For: 1.4-M4
>
> Attachments: bugs.jar
>
>
> The following line in ServletWebRequest.getRelativePathPrefixToContextRoot()
> String servletPath = RequestUtils.decode(getServletPath());
> causes problems with relative path for CSS and images. I believe it is because the servlet path is already URL decoded. Running it again causes things that shouldn't be decoded to be decoded. For example,
> %2B gets URL decoded to a plus (+). But, running it again causes any + to be decoded to a space. This causes the endsWith() check to fail when it shouldn't. Because that fails, more "../" get prepended than is correct.
> I'll attach a quickstart which demonstrates the problem.
> I think the fix is to remove the RequestUtils.decode() call above, but someone closer to the code might feel this breaks something.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.