You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by cn...@apache.org on 2016/09/28 11:13:30 UTC
struts git commit: WW-4628: proper decoding of parameters in
query-string
Repository: struts
Updated Branches:
refs/heads/master 50328ffe1 -> 9b38ad8fc
WW-4628: proper decoding of parameters in query-string
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/9b38ad8f
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/9b38ad8f
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/9b38ad8f
Branch: refs/heads/master
Commit: 9b38ad8fcf20bdbdb6baacd5812bcf196d80ea07
Parents: 50328ff
Author: cnenning <cn...@apache.org>
Authored: Wed Aug 3 13:02:16 2016 +0200
Committer: cnenning <cn...@apache.org>
Committed: Wed Sep 28 13:09:40 2016 +0200
----------------------------------------------------------------------
.../org/apache/struts2/util/URLDecoderUtil.java | 12 ++++
.../struts2/views/util/DefaultUrlHelper.java | 27 +++++---
.../apache/struts2/util/URLDecoderUtilTest.java | 7 ++
.../views/util/DefaultUrlHelperTest.java | 71 +++++---------------
4 files changed, 53 insertions(+), 64 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/9b38ad8f/core/src/main/java/org/apache/struts2/util/URLDecoderUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/util/URLDecoderUtil.java b/core/src/main/java/org/apache/struts2/util/URLDecoderUtil.java
index 10f2a78..3c61d1e 100644
--- a/core/src/main/java/org/apache/struts2/util/URLDecoderUtil.java
+++ b/core/src/main/java/org/apache/struts2/util/URLDecoderUtil.java
@@ -19,4 +19,16 @@ public class URLDecoderUtil {
return UDecoder.URLDecode(sequence, charset);
}
+ /**
+ * Decodes a <code>x-www-form-urlencoded</code> string.
+ * @param sequence the String to decode
+ * @param charset The name of a supported character encoding.
+ * @param isQueryString whether input is a query string. If <code>true</code> other decoding rules apply.
+ * @return the newly decoded <code>String</code>
+ * @exception IllegalArgumentException If the encoding is not valid
+ */
+ public static String decode(String sequence, String charset, boolean isQueryString) {
+ return UDecoder.URLDecode(sequence, charset, isQueryString);
+ }
+
}
http://git-wip-us.apache.org/repos/asf/struts/blob/9b38ad8f/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java b/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
index 16739af..668d1a9 100644
--- a/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
+++ b/core/src/main/java/org/apache/struts2/views/util/DefaultUrlHelper.java
@@ -284,14 +284,25 @@ public class DefaultUrlHelper implements UrlHelper {
* @return the encoded string
*/
public String decode( String input ) {
- try {
- return URLDecoderUtil.decode(input, encoding);
- } catch (Exception e) {
- LOG.warn("Could not decode URL parameter '{}', returning value un-decoded", input);
- return input;
- }
+ return URLDecoderUtil.decode(input, encoding, false);
}
+ /**
+ * Decodes the URL using {@link URLDecoderUtil#decode(String, String, boolean)} with the encoding specified in the configuration.
+ *
+ * @param input the input to decode
+ * @param isQueryString whether input is a query string. If <code>true</code> other decoding rules apply.
+ * @return the encoded string
+ */
+ public String decode( String input, boolean isQueryString ) {
+ try {
+ return URLDecoderUtil.decode(input, encoding, isQueryString);
+ } catch (Exception e) {
+ LOG.warn("Could not decode URL parameter '{}', returning value un-decoded", input);
+ return input;
+ }
+ }
+
public Map<String, Object> parseQueryString(String queryString, boolean forceValueArray) {
Map<String, Object> queryParams = new LinkedHashMap<String, Object>();
if (queryString != null) {
@@ -308,8 +319,8 @@ public class DefaultUrlHelper implements UrlHelper {
paramValue = tmpParams[1];
}
if (paramName != null) {
- paramName = decode(paramName);
- String translatedParamValue = decode(paramValue);
+ paramName = decode(paramName, true);
+ String translatedParamValue = decode(paramValue, true);
if (queryParams.containsKey(paramName) || forceValueArray) {
// WW-1619 append new param value to existing value(s)
http://git-wip-us.apache.org/repos/asf/struts/blob/9b38ad8f/core/src/test/java/org/apache/struts2/util/URLDecoderUtilTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/util/URLDecoderUtilTest.java b/core/src/test/java/org/apache/struts2/util/URLDecoderUtilTest.java
index f21c08f..fd274bf 100644
--- a/core/src/test/java/org/apache/struts2/util/URLDecoderUtilTest.java
+++ b/core/src/test/java/org/apache/struts2/util/URLDecoderUtilTest.java
@@ -68,4 +68,11 @@ public class URLDecoderUtilTest {
assertEquals("xxxx\u00ea", result);
}
+ @Test
+ public void testURLDecodePlusCharAsSpace() {
+
+ String result = URLDecoderUtil.decode("a+b", "UTF-8", true);
+ assertEquals("a b", result);
+ }
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/struts/blob/9b38ad8f/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java b/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
index 57786c4..b4a5b26 100644
--- a/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
+++ b/core/src/test/java/org/apache/struts2/views/util/DefaultUrlHelperTest.java
@@ -21,22 +21,23 @@
package org.apache.struts2.views.util;
-import com.mockobjects.dynamic.Mock;
-import com.opensymphony.xwork2.ActionContext;
-import com.opensymphony.xwork2.inject.Container;
-import com.opensymphony.xwork2.inject.Scope.Strategy;
-import org.apache.struts2.StrutsConstants;
-import org.apache.struts2.StrutsInternalTestCase;
-import org.junit.Ignore;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.StrutsInternalTestCase;
+
+import com.mockobjects.dynamic.Mock;
+import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.inject.Container;
+import com.opensymphony.xwork2.inject.Scope.Strategy;
+
/**
* Test case for DefaultUrlHelper.
@@ -129,34 +130,6 @@ public class DefaultUrlHelperTest extends StrutsInternalTestCase {
expectedUrl, url.toString());
}
- @Ignore
- public void ignoreTestBuildUrlWithJavaScriptInjected() throws Exception {
- String expectedUrl = "http://localhost:8080/myContext/myPage.jsp?initParam=initValue&param1=value1&param2=value2&param3%22%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert%281%29%3B%3C%2Fscript%3E=value3";
-
- // there is explicit escaping for EcmaScript before URL encoding
- String expectedUrlBeforeEncoding = "http:\\/\\/localhost:8080\\/myContext\\/myPage.jsp?initParam=initValue&param1=value1&param2=value2&param3\\\"<script type=\\\"text\\/javascript\\\">alert(1);<\\/script>=value3";
-
- Mock mockHttpServletRequest = new Mock(HttpServletRequest.class);
- mockHttpServletRequest.expectAndReturn("getScheme", "http");
- mockHttpServletRequest.expectAndReturn("getServerName", "localhost");
- mockHttpServletRequest.expectAndReturn("getContextPath", "/myContext");
- mockHttpServletRequest.expectAndReturn("getServerPort", 8080);
-
- Mock mockHttpServletResponse = new Mock(HttpServletResponse.class);
- mockHttpServletResponse.expectAndReturn("encodeURL", expectedUrlBeforeEncoding, expectedUrl);
-
- Map parameters = new LinkedHashMap();
- parameters.put("param1", "value1");
- parameters.put("param2", "value2");
- parameters.put("param3\"<script type=\"text/javascript\">alert(1);</script>","value3");
-
- String result = urlHelper.buildUrl("/myPage.jsp?initParam=initValue", (HttpServletRequest) mockHttpServletRequest.proxy(), (HttpServletResponse) mockHttpServletResponse.proxy(), parameters, "http", true, true, true);
-
- assertEquals(
- expectedUrl, result);
- mockHttpServletRequest.verify();
- }
-
public void testForceAddNullSchemeHostAndPort() throws Exception {
String expectedUrl = "http://localhost/contextPath/path1/path2/myAction.action";
@@ -423,25 +396,11 @@ public class DefaultUrlHelperTest extends StrutsInternalTestCase {
assertEquals(result, expectedResult);
}
- @Ignore
- public void ignoreTestDontEncode() throws Exception {
- String expectedUrl = "http://localhost/contextPath/myAction.action?param1=value+with+spaces";
+ public void testDecodeSpacesInQueryString() throws Exception {
+ Map<String, Object> queryParameters = urlHelper.parseQueryString("name=value+with+space", false);
- Mock mockHttpServletRequest = new Mock(HttpServletRequest.class);
- mockHttpServletRequest.expectAndReturn("getScheme", "http");
- mockHttpServletRequest.expectAndReturn("getServerName", "localhost");
- mockHttpServletRequest.expectAndReturn("getContextPath", "/contextPath");
- mockHttpServletRequest.expectAndReturn("getServerPort", 80);
-
- Mock mockHttpServletResponse = new Mock(HttpServletResponse.class);
-
- Map parameters = new LinkedHashMap();
- parameters.put("param1", "value+with+spaces");
-
- String result = urlHelper.buildUrl("/myAction.action", (HttpServletRequest) mockHttpServletRequest.proxy(), (HttpServletResponse) mockHttpServletResponse.proxy(), parameters, "http", true, false, true);
-
- assertEquals(
- expectedUrl, result);
+ assertTrue(queryParameters.containsKey("name"));
+ assertEquals("value with space", queryParameters.get("name"));
}