You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Xavier Fournet (JIRA)" <ji...@apache.org> on 2015/11/06 22:52:11 UTC

[jira] [Issue Comment Deleted] (FELIX-5093) HttpServletRequest.getRequestURI is broken for escaped char in URL since 3.1.0

     [ https://issues.apache.org/jira/browse/FELIX-5093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Xavier Fournet updated FELIX-5093:
----------------------------------
    Comment: was deleted

(was: Fix proposition : https://github.com/apache/felix/pull/39)

> HttpServletRequest.getRequestURI is broken for escaped char in URL since 3.1.0
> ------------------------------------------------------------------------------
>
>                 Key: FELIX-5093
>                 URL: https://issues.apache.org/jira/browse/FELIX-5093
>             Project: Felix
>          Issue Type: Bug
>          Components: HTTP Service
>    Affects Versions: http.jetty-3.1.0, http.jetty-3.1.2
>            Reporter: Xavier Fournet
>            Priority: Blocker
>             Fix For: http.jetty-3.1.4
>
>         Attachments: requesturibug-1.0.0-SNAPSHOT.jar, requesturibug-sources.zip
>
>
> The HttpServletRequest.getRequestURI must return the URI without processing % escaping. Since version 3.1.0 this processing is done, so the returned value is incorrect. For exemple this can lead to error in Apache Shiro when it try to unescape % of an URI.
> See the attached jar for a bundle that can be used to reproduce the problem:
> * load the bundle
> * with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test
> With HTTP Jetty < 3.1.0 it prints:
> {noformat}
> Request URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.handler.ServletHandlerRequest)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request)
> {noformat}
> => request URI is ok
> With HTTP Jetty 3.1.0 or 3.1.2 it prints:
> {noformat}
> Request URI: /requesturibug/test/test%test (org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper)
> Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request)
> {noformat}
> => request URI is wrong while the underlying request URI returned by Jetty itself is correct.
> When this request come the Shiro filter it will issue an exception because it will try to unescape "%te" which is not valid since "te" is not a number



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)