You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "nikos dimitrakas (Jira)" <ji...@apache.org> on 2023/05/11 14:31:00 UTC

[jira] [Commented] (WW-5310) s:url does not handle equal sign correctly

    [ https://issues.apache.org/jira/browse/WW-5310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721805#comment-17721805 ] 

nikos dimitrakas commented on WW-5310:
--------------------------------------

There is also a problem with URLs containing a #. When a # is part of the URL, it should be treated as the beginning of the fragment identifier and not as part of the value of the last parameter of the query string. If a # is supposed to be part of the parameter value, then it is encoded as %23.

So perhaps before splitting the query string on &, split it first on # in order to get the left part which would be the actual query string. As it is now ServetUrlRenderer includes the fragment identifier as part of the query string when it sends it to the parser. This should probably be fixed in the ServletUrlRenderer so that the sent query string can actually be only the query string.

> s:url does not handle equal sign correctly
> ------------------------------------------
>
>                 Key: WW-5310
>                 URL: https://issues.apache.org/jira/browse/WW-5310
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Tags
>    Affects Versions: 2.5.30, 6.1.2
>            Reporter: nikos dimitrakas
>            Priority: Major
>
> We discovered a strange case when a URL is passed to s:url. The URL contains an equal sign as part of a parameter value. Example:
> [https://www.scitepress.org/PublicationsDetail.aspx?ID=GjTu91suYQI=&t=1]
> This URL works in the browser even though the equal sign that is part of the value of the parameter ID has not been replaced with %3D.
> When this URL is passed to an s:url as value then the equal sign disappears. When I put a break point in ComponentTagSupport.doStartTag() I can see that the query string has been split and the component.parameters contains the two parameters (ID and t), but the equal sign is missing. 
> The problem seems to be in ServletUrlRenderer.mergeRequestParameters called from beforeRenderUrl. The way the StrutsQueryStringParser.parse splits each param of the queryString on equal sign causes all the equal signs to be used, not just the first. Shouldn't that split be only on the first equal sign so that any remaining equal signs can be considered as part of the value? Just by adding a limit of one to the split should fix this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)