[Bug 61200] New: URL Encoded Space getting encoded again during rewrite

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 61200] New: URL Encoded Space getting encoded again during rewrite

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61200

            Bug ID: 61200
           Summary: URL Encoded Space getting encoded again during rewrite
           Product: Tomcat 8
           Version: 8.0.44
          Hardware: Other
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ----

Created attachment 35061
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35061&action=edit
Encoded space test case

After update to tomcat 8.0.44, there are some behaviour differences in URL
Rewrite.

URL encoded space (+) gets re-encoded as %2B after rewrite and param value gets
modified to + instead of space.

From the changelog, seems like below change related to encoding seems to be the
cause.

"Review those places where Tomcat re-encodes a URI or URI component and ensure
that that correct encoding (path differs from query string) is applied and that
the encoding is applied consistently."

Attached test case which passes in 8.0.43 but fails in 8.0.44

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 61200] URL Encoded Space getting encoded again during rewrite

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61200

Santhana Preethi <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
                 CC|                            |[hidden email]

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 61200] URL Encoded Space getting encoded again during rewrite

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61200

Mark Thomas <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Mark Thomas <[hidden email]> ---
Thanks for the test case. It makes it much, much easier to work with a bug
report that includes a test case.

This particular report is invalid.

The test set-up does this:
String url = "/a/" + URLEncoder.encode("Test Query", "UTF-8");

This results in a value for url of "/a/Test+query". And there lies the problem.
It is only valid to encode a ' ' with '+' in a query string so in this test
case the '+' gets treated as a literal '+' and is correctly encoded to %2B.

If the test is modified so url is correctly encoded:
String url = "/a/Test%20Query";

the test passes as expected.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 61200] URL Encoded Space getting encoded again during rewrite

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61200

--- Comment #2 from Santhana Preethi <[hidden email]> ---
(In reply to Mark Thomas from comment #1)

> Thanks for the test case. It makes it much, much easier to work with a bug
> report that includes a test case.
>
> This particular report is invalid.
>
> The test set-up does this:
> String url = "/a/" + URLEncoder.encode("Test Query", "UTF-8");
>
> This results in a value for url of "/a/Test+query". And there lies the
> problem. It is only valid to encode a ' ' with '+' in a query string so in
> this test case the '+' gets treated as a literal '+' and is correctly
> encoded to %2B.
>
> If the test is modified so url is correctly encoded:
> String url = "/a/Test%20Query";
>
> the test passes as expected.

Thanks for the clarification.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...