[Geoserver-devel] [JIRA] (GEOS-7034) ResponseUtil urlEncode may fail encoding valid URLs

Alessio Fabiani created an issue

GeoServer / GEOS-7034

ResponseUtil urlEncode may fail encoding valid URLs

Improvement

Unassigned

20/May/15 1:59 PM

Medium

Alessio Fabiani

Currently the ResponseUtil.urlEncode method just uses the java.net.URLEncoder method to encode special characters for the parameters values.

This works fine unless the parameter value does not represent a valid URL.

The java.net.URLEncoder performs a HTML Form encoding. In other words a value like this:

https://mywebsite/…

would result in something like the following

http%3A%2F%2Fmywebsite%2F

i.e. an invalid URL.

A possible solution would be to add a check for a valid URL on the encodeURL method, avoiding to encode also the scheme and path of the URL in case this is provided as value of the parameter itself.

/**

• URL encodes the value towards the ISO-8859-1 charset

• @param value
  */
  public static String urlEncode(String value) {
  try
  Unknown macro: { UrlValidator urlValidator = new UrlValidator(); if(urlValidator.isValid(value)) { // Don’t use the URLEncoder class! Despite the name, that class actually does HTML form encoding, not URL encoding. It’s not correct // to concatenate unencoded strings to make an “unencoded” URL and then pass it through a URLEncoder. Doing so will result in problems // (particularly the aforementioned one regarding spaces and plus signs in the path). return URI.create(value).toASCIIString(); } else { // TODO: URLEncoder also encodes ( and ) which are considered safe chars, // see also http://www.w3.org/International/O-URL-code.html return URLEncoder.encode(value, “ISO-8859-1”); } }

  catch (UnsupportedEncodingException e)

  { throw new RuntimeException(“This is unexpected”, e); }

  }

Add Comment

This message was sent by Atlassian JIRA (v6.5-OD-03-002#65000-sha1:b8f65f8)