Posted to dev@felix.apache.org by "Xavier Fournet (JIRA)" <ji...@apache.org> on 2015/11/06 22:52:11 UTC
[jira] [Issue Comment Deleted] (FELIX-5093) HttpServletRequest.getRequestURI is broken for escaped char in URL since 3.1.0
[ https://issues.apache.org/jira/browse/FELIX-5093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xavier Fournet updated FELIX-5093:
----------------------------------
Comment: was deleted
(was: Fix proposition : https://github.com/apache/felix/pull/39)
> HttpServletRequest.getRequestURI is broken for escaped char in URL since 3.1.0
> ------------------------------------------------------------------------------
>
> Key: FELIX-5093
> URL: https://issues.apache.org/jira/browse/FELIX-5093
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-3.1.0, http.jetty-3.1.2
> Reporter: Xavier Fournet
> Priority: Blocker
> Fix For: http.jetty-3.1.4
>
> Attachments: requesturibug-1.0.0-SNAPSHOT.jar, requesturibug-sources.zip
>
>
> The HttpServletRequest.getRequestURI must return the URI without processing % escaping. Since version 3.1.0 this processing is done, so the returned value is incorrect. For example, this can lead to an error in Apache Shiro when it tries to unescape % of a URI.
> See the attached jar for a bundle that can be used to reproduce the problem:
> * load the bundle
> * with a browser go to http://localhost:8080/requesturibug/test%2Ftest%25test
> With HTTP Jetty < 3.1.0 it prints:
> {noformat}
> Request URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.handler.ServletHandlerRequest)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request)
> {noformat}
> => request URI is ok
> With HTTP Jetty 3.1.0 or 3.1.2 it prints:
> {noformat}
> Request URI: /requesturibug/test/test%test (org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request)
> {noformat}
> => request URI is wrong while the underlying request URI returned by Jetty itself is correct.
> When this request comes to the Shiro filter, it will issue an exception because it will try to unescape "%te", which is not valid since "te" is not a number
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
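
The double-decoding failure described in the report, as an added example that is not part of the original message or of the Felix code base. The class and method names are hypothetical stand-ins, `java.net.URLDecoder` is assumed as the downstream decoder, and the `Charset` overload needs Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class RequestUriDecodeDemo {

    // Path taken from the reproduction URL in the report.
    static final String RAW_URI = "/requesturibug/test%2Ftest%25test";

    // Hypothetical stand-in for a request wrapper that decodes % escapes
    // before returning the URI (the behaviour reported for 3.1.0 and 3.1.2).
    static String decodingWrapperGetRequestURI(String rawUri) {
        return URLDecoder.decode(rawUri, StandardCharsets.UTF_8);
    }

    // Hypothetical stand-in for a downstream filter that expects the raw
    // URI from getRequestURI() and performs the decoding itself.
    static String downstreamDecode(String requestUri) {
        return URLDecoder.decode(requestUri, StandardCharsets.UTF_8);
    }

    // Regression check: whatever a wrapper returns from getRequestURI()
    // must be identical to the raw URI the container received.
    static boolean preservesRawUri(String containerUri, String wrapperUri) {
        return containerUri.equals(wrapperUri);
    }

    public static void main(String[] args) {
        // Expected flow: the consumer receives the raw URI and decodes it once.
        System.out.println("decoded once:    " + downstreamDecode(RAW_URI));

        // Broken flow: the wrapper has already decoded, so "%2F" became "/"
        // and "%25" became a literal "%" followed by "test".
        String wrapperUri = decodingWrapperGetRequestURI(RAW_URI);
        System.out.println("wrapper returns: " + wrapperUri);
        System.out.println("raw preserved:   " + preservesRawUri(RAW_URI, wrapperUri));

        // The consumer now decodes a second time and hits "%te",
        // which is not a valid hexadecimal escape.
        try {
            downstreamDecode(wrapperUri);
            System.out.println("second decode succeeded");
        } catch (IllegalArgumentException e) {
            System.out.println("second decode fails: " + e.getMessage());
        }
    }
}
```

Besides the exception, the wrapper's output has turned the escaped `%2F` into a real path separator, so any component that matches on the path sees a different segment structure than the container did.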