cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25132] New: - CocoonServlet decodes URIs where it shouldn't
Date Tue, 02 Dec 2003 10:30:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25132>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25132

CocoonServlet decodes URIs where it shouldn't

           Summary: CocoonServlet decodes URIs where it shouldn't
           Product: Cocoon 2
           Version: Current CVS 2.1
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: dev@cocoon.apache.org
        ReportedBy: g.brand@interface-business.de


CocoonServlet decodes a URI using the java.net.URLDecoder which is intended to 
be used with url encoded form parameter names and values and not with URIs (so 
it is used incorrectly in the first place).

Furthermore the servlet container (tomcat/jetty) already returns decoded URI 
parts (request.getServletPath(), request.getPathInfo()).
The specifications say that those methods reflect the cgi variables and if you 
do a small cgi with 'set' in it, you will notice they are decoded there, too.
(The URI classes from both java and jetty return decoded strings if you call 
the appropriate methods.)

For further information read:
http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=106796038708692&w=2

>>> line 1087:
env = getEnvironment(URLDecoder.decode(uri), request, res);
>>> needs to be replaced with
env = getEnvironment(uri, request, res);

Mime
View raw message