You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@olingo.apache.org by "Christian Amend (JIRA)" <ji...@apache.org> on 2015/02/06 15:41:34 UTC
[jira] [Resolved] (OLINGO-547) Ampersands in query parameter values
cause ExpressionParserExceptions
[ https://issues.apache.org/jira/browse/OLINGO-547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian Amend resolved OLINGO-547.
------------------------------------
Resolution: Fixed
Fix Version/s: V2 2.0.3
Hi Wendy,
thank you for your detailed analysis! It made making a fix very easy :)
Fixed with commit: https://git-wip-us.apache.org/repos/asf?p=olingo-odata2.git;a=commit;h=1519a52ad523e688f727975268906b1989b54434
> Ampersands in query parameter values cause ExpressionParserExceptions
> ---------------------------------------------------------------------
>
> Key: OLINGO-547
> URL: https://issues.apache.org/jira/browse/OLINGO-547
> Project: Olingo
> Issue Type: Bug
> Components: odata2-core
> Affects Versions: V2 2.0.1
> Reporter: Wendy Tamm
> Assignee: Christian Amend
> Priority: Minor
> Fix For: V2 2.0.3
>
>
> I believe there is a mistake in the handling of encoded ampersands in query parameter values in org.apache.olingo.odata2.core.servlet.RestUtil, both in extractQueryParameters() on line 95, and identically in extractAllQueryParameters() on line 113:
> {code:title=RestUtil.java, lines 95 & 113|borderStyle=solid}
> List<String> queryParameters = Arrays.asList(Decoder.decode(queryString).split("\\&"));
> {code}
> The query string is decoded before it is split, which causes any encoded ampersand in a parameter value to be split incorrectly. Not only does this simply risk losing important information, it also causes some system query options to not parse properly, like $filter.
> For example, the value in the expression "$filter=Name eq 'Tom%26Jerry'" is split into "$filter=Name eq 'Tom" and "Jerry'", which causes the following exception:
> {noformat}
> org.apache.olingo.odata2.api.uri.expression.ExpressionParserException: Unterminated string literal at position 9 in "Name eq 'Tom".
> at org.apache.olingo.odata2.core.uri.expression.FilterParserExceptionImpl.createTOKEN_UNDETERMINATED_STRING(FilterParserExceptionImpl.java:226)
> at org.apache.olingo.odata2.core.uri.expression.Tokenizer.readLiteral(Tokenizer.java:317)
> at org.apache.olingo.odata2.core.uri.expression.Tokenizer.readLiteral(Tokenizer.java:277)
> at org.apache.olingo.odata2.core.uri.expression.Tokenizer.tokenize(Tokenizer.java:104)
> at org.apache.olingo.odata2.core.uri.expression.FilterParserImpl.parseFilterString(FilterParserImpl.java:87)
> at org.apache.olingo.odata2.core.uri.UriParserImpl.handleSystemQueryOptionFilter(UriParserImpl.java:627)
> ... 31 more
> {noformat}
> I am working around this by implementing my own query parameter extraction method:
> {code:borderStyle=solid}
> public static Map<String, List<String>> extractAllQueryParameters(final String queryString) {
> Map<String, List<String>> allQueryParameterMap = new HashMap<String, List<String>>();
>
> if (queryString != null && !queryString.isEmpty()) {
> // split the query string on ampersands (before decoding, to avoid problems with ampersands in values)
> String[] queryParameters = queryString.split("\\u0026");
> for (String param : queryParameters) {
> String decodedParam = Decoder.decode(param);
> ...
> }
> }
>
> return allQueryParameterMap;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)