You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by re...@apache.org on 2022/09/18 18:36:05 UTC
[cxf] branch 3.6.x-fixes updated: CXF-8698: Content-ID of attachments for outgoing requests are URL-decoded instead of URL-encoded (limiting decoding only to % encoded characters) (#993)
This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.6.x-fixes by this push:
new c430bbb870 CXF-8698: Content-ID of attachments for outgoing requests are URL-decoded instead of URL-encoded (limiting decoding only to % encoded characters) (#993)
c430bbb870 is described below
commit c430bbb87042d4cb6db947820e73be0347a1e203
Author: Andriy Redko <dr...@gmail.com>
AuthorDate: Sun Sep 18 14:36:00 2022 -0400
CXF-8698: Content-ID of attachments for outgoing requests are URL-decoded instead of URL-encoded (limiting decoding only to % encoded characters) (#993)
---
.../java/org/apache/cxf/attachment/AttachmentSerializer.java | 10 ++++++++--
.../org/apache/cxf/attachment/AttachmentSerializerTest.java | 5 +++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java b/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java
index b46f715c6d..bb3dc4e04d 100644
--- a/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java
+++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentSerializer.java
@@ -26,6 +26,7 @@ import java.io.StringWriter;
import java.io.Writer;
import java.net.URLDecoder;
import java.net.URLEncoder;
+import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
@@ -225,8 +226,8 @@ public class AttachmentSerializer {
// remaining parts with an angle bracket pair, "<" and ">".
//
if (attachmentId.startsWith("cid:")) {
- writer.write(URLDecoder.decode(attachmentId.substring(4),
- StandardCharsets.UTF_8.name()));
+ writer.write(decode(attachmentId.substring(4),
+ StandardCharsets.UTF_8));
} else {
//
// RFC-2392 (https://datatracker.ietf.org/doc/html/rfc2392) says:
@@ -371,4 +372,9 @@ public class AttachmentSerializer {
this.xop = xop;
}
+ // URL decoder would also decode '+' but according to RFC-2392 we need to convert
+ // only the % encoded character to their equivalent US-ASCII characters.
+ private static String decode(String s, Charset charset) {
+ return URLDecoder.decode(s.replaceAll("([^%])[+]", "$1%2B"), charset);
+ }
}
diff --git a/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java b/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java
index 14e8b2a642..33df34fb3d 100644
--- a/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java
+++ b/core/src/test/java/org/apache/cxf/attachment/AttachmentSerializerTest.java
@@ -187,6 +187,11 @@ public class AttachmentSerializerTest {
public void testMessageMTOMUrlDecoded() throws Exception {
doTestMessageMTOM("test+me.xml", "<test%2Bme.xml>");
}
+
+ @Test
+ public void testMessageMTOMUrlDecodedCid() throws Exception {
+ doTestMessageMTOM("cid:test+me.xml", "<test+me.xml>");
+ }
private void doTestMessageMTOM(String contentId, String expectedContentId) throws Exception {
MessageImpl msg = new MessageImpl();