You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by cm...@apache.org on 2012/07/03 14:22:28 UTC
[4/28] git commit: do not stop on 0
do not stop on 0
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/d699add0
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/d699add0
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/d699add0
Branch: refs/heads/sandbox/resourcefinder
Commit: d699add00e58133173ad36ae4f280b0529bb9f5e
Parents: 4b962ce
Author: Carl-Eric Menzel <cm...@wicketbuch.de>
Authored: Tue Jul 3 00:13:23 2012 +0200
Committer: Carl-Eric Menzel <cm...@wicketbuch.de>
Committed: Tue Jul 3 13:19:02 2012 +0200
----------------------------------------------------------------------
.../org/apache/wicket/request/UrlDecoderTest.java | 42 ---------------
.../apache/wicket/util/encoding/UrlEncoder.java | 31 ++++-------
.../wicket/util/encoding/UrlDecoderTest.java | 42 +++++++++++++++
.../wicket/util/encoding/UrlEncoderTest.java | 12 ++++-
4 files changed, 64 insertions(+), 63 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java
----------------------------------------------------------------------
diff --git a/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java b/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java
deleted file mode 100644
index 90d913f..0000000
--- a/wicket-request/src/test/java/org/apache/wicket/request/UrlDecoderTest.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.wicket.request;
-
-import static org.junit.Assert.assertEquals;
-
-import org.junit.Test;
-
-public class UrlDecoderTest
-{
- @Test
- public void mustNotEmitNullByteForPath() throws Exception
- {
- String evil = "http://www.devil.com/highway/to%00hell";
- String decoded = UrlDecoder.PATH_INSTANCE.decode(evil, "UTF-8");
- assertEquals(-1, decoded.indexOf('\0'));
- assertEquals("http://www.devil.com/highway/toNULLhell", decoded);
- }
-
- @Test
- public void mustNotEmitNullByteForQuery() throws Exception
- {
- String evil = "http://www.devil.com/highway?destination=%00hell";
- String decoded = UrlDecoder.QUERY_INSTANCE.decode(evil, "UTF-8");
- assertEquals(-1, decoded.indexOf('\0'));
- assertEquals("http://www.devil.com/highway?destination=NULLhell", decoded);
- }
-}
http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java b/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java
index 52044da..3f0e981 100644
--- a/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java
+++ b/wicket-util/src/main/java/org/apache/wicket/util/encoding/UrlEncoder.java
@@ -59,10 +59,6 @@ public class UrlEncoder
// list of what not to decode
protected BitSet dontNeedEncoding;
- // E.g. "?" for FULL_PATH encoding when querystring has already been
- // encoded.
- private final char stopChar;
-
// used in decoding
protected static final int caseDiff = ('a' - 'A');
@@ -72,7 +68,7 @@ public class UrlEncoder
*
* For example: http://org.acme/notthis/northis/oreventhis?buthis=isokay&asis=thispart
*/
- public static final UrlEncoder QUERY_INSTANCE = new UrlEncoder(Type.QUERY, '\0');
+ public static final UrlEncoder QUERY_INSTANCE = new UrlEncoder(Type.QUERY);
/**
* Encoder used to encode components of a path.<br/>
@@ -80,7 +76,7 @@ public class UrlEncoder
*
* For example: http://org.acme/foo/thispart/orthispart?butnot=thispart
*/
- public static final UrlEncoder PATH_INSTANCE = new UrlEncoder(Type.PATH, '\0');
+ public static final UrlEncoder PATH_INSTANCE = new UrlEncoder(Type.PATH);
/**
* Encoder used to encode all path segments. Querystring will be excluded.<br/>
@@ -88,20 +84,18 @@ public class UrlEncoder
*
* For example: http://org.acme/foo/thispart/orthispart?butnot=thispart
*/
- public static final UrlEncoder FULL_PATH_INSTANCE = new UrlEncoder(Type.FULL_PATH, '?');
+ public static final UrlEncoder FULL_PATH_INSTANCE = new UrlEncoder(Type.FULL_PATH);
+
+ private final Type type;
/**
* Allow subclass to call constructor.
*
* @param type
* encoder type
- * @param stopChar
- * stop encoding when stopChar found
*/
- protected UrlEncoder(final Type type, final char stopChar)
+ protected UrlEncoder(final Type type)
{
- this.stopChar = stopChar;
-
/*
* This note from java.net.URLEncoder ==================================
*
@@ -150,6 +144,7 @@ public class UrlEncoder
* query =( pchar / "/" / "?" )
*/
+ this.type = type;
// unreserved
dontNeedEncoding = new BitSet(256);
int i;
@@ -191,7 +186,7 @@ public class UrlEncoder
// encoding type-specific
switch (type)
{
- // this code consistent with java.net.URLEncoder version
+ // this code consistent with java.net.URLEncoder version
case QUERY :
// encoding a space to a + is done in the encode() method
dontNeedEncoding.set(' ');
@@ -257,9 +252,9 @@ public class UrlEncoder
* @return encoded string
* @see java.net.URLEncoder#encode(String, String)
*/
- public String encode(final String s, final String charsetName)
+ public String encode(final String unsafeInput, final String charsetName)
{
- boolean needToChange = false;
+ final String s = unsafeInput.replace("\0", "NULL");
StringBuilder out = new StringBuilder(s.length());
Charset charset;
CharArrayWriter charArrayWriter = new CharArrayWriter();
@@ -284,7 +279,7 @@ public class UrlEncoder
{
int c = s.charAt(i);
- if ((stopEncoding == false) && (c == stopChar))
+ if ((stopEncoding == false) && (c == '?' && type == Type.FULL_PATH))
{
stopEncoding = true;
}
@@ -295,7 +290,6 @@ public class UrlEncoder
if (c == ' ')
{
c = '+';
- needToChange = true;
}
// System.out.println("Storing: " + c);
out.append((char)c);
@@ -361,10 +355,9 @@ public class UrlEncoder
out.append(ch);
}
charArrayWriter.reset();
- needToChange = true;
}
}
- return (needToChange ? out.toString() : s);
+ return out.toString();
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java
new file mode 100644
index 0000000..6564fd6
--- /dev/null
+++ b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlDecoderTest.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.util.encoding;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class UrlDecoderTest
+{
+ @Test
+ public void mustNotEmitNullByteForPath() throws Exception
+ {
+ String evil = "http://www.devil.com/highway/to%00hell";
+ String decoded = UrlDecoder.PATH_INSTANCE.decode(evil, "UTF-8");
+ assertEquals(-1, decoded.indexOf('\0'));
+ assertEquals("http://www.devil.com/highway/toNULLhell", decoded);
+ }
+
+ @Test
+ public void mustNotEmitNullByteForQuery() throws Exception
+ {
+ String evil = "http://www.devil.com/highway?destination=%00hell";
+ String decoded = UrlDecoder.QUERY_INSTANCE.decode(evil, "UTF-8");
+ assertEquals(-1, decoded.indexOf('\0'));
+ assertEquals("http://www.devil.com/highway?destination=NULLhell", decoded);
+ }
+}
http://git-wip-us.apache.org/repos/asf/wicket/blob/d699add0/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java
index 6679a63..3691c74 100644
--- a/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java
+++ b/wicket-util/src/test/java/org/apache/wicket/util/encoding/UrlEncoderTest.java
@@ -41,13 +41,21 @@ public class UrlEncoderTest extends Assert
/**
* Do not encode semicolon in the Url's path because it is used in ';jsessionid=...'
- *
+ *
* https://issues.apache.org/jira/browse/WICKET-4409
*/
@Test
public void dontEncodeSemicolon()
{
- String encoded = UrlEncoder.PATH_INSTANCE.encode("path;jsessionid=1234567890", CharEncoding.UTF_8);
+ String encoded = UrlEncoder.PATH_INSTANCE.encode("path;jsessionid=1234567890",
+ CharEncoding.UTF_8);
assertEquals("path;jsessionid=1234567890", encoded);
}
+
+ @Test
+ public void dontStopOnNullByte() throws Exception
+ {
+ assertEquals("someone%27s%20badNULL%20url",
+ UrlEncoder.FULL_PATH_INSTANCE.encode("someone's bad\0 url", CharEncoding.UTF_8));
+ }
}