Return-Path: X-Original-To: apmail-myfaces-dev-archive@www.apache.org Delivered-To: apmail-myfaces-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0C337710E for ; Mon, 18 Jul 2011 14:30:24 +0000 (UTC) Received: (qmail 66181 invoked by uid 500); 18 Jul 2011 14:30:23 -0000 Delivered-To: apmail-myfaces-dev-archive@myfaces.apache.org Received: (qmail 66152 invoked by uid 500); 18 Jul 2011 14:30:22 -0000 Mailing-List: contact dev-help@myfaces.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "MyFaces Development" Delivered-To: mailing list dev@myfaces.apache.org Received: (qmail 66139 invoked by uid 99); 18 Jul 2011 14:30:22 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jul 2011 14:30:22 +0000 X-ASF-Spam-Status: No, hits=-2001.1 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jul 2011 14:30:20 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 431A041B75 for ; Mon, 18 Jul 2011 14:29:59 +0000 (UTC) Date: Mon, 18 Jul 2011 14:29:59 +0000 (UTC) From: "Christian Kaltepoth (JIRA)" To: dev@myfaces.apache.org Message-ID: <1674292404.288.1310999399271.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <462616709.264.1310999158833.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (MYFACES-3229) ServletExternalContextImpl.encodeRedirectURL() doesn't handle existing query parameters correctly MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/MYFACES-3229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067054#comment-13067054 ] Christian Kaltepoth commented on MYFACES-3229: ---------------------------------------------- Sorry, I forgot to mention that both MyFaces 2.0.x and 2.1.x seem to be affected! > ServletExternalContextImpl.encodeRedirectURL() doesn't handle existing query parameters correctly > ------------------------------------------------------------------------------------------------- > > Key: MYFACES-3229 > URL: https://issues.apache.org/jira/browse/MYFACES-3229 > Project: MyFaces Core > Issue Type: Bug > Components: JSR-314 > Affects Versions: 2.1.1 > Reporter: Christian Kaltepoth > Attachments: MYFACES-3229-failing-unit-test.patch > > > ServletExternalContextImpl.encodeRedirectURL() doesn't work correctly if the base URL already contains encoded query parameters. In this case the resulting URL contains the query parameter encoded twice, which completely breaks them. > Take a look at this example: > externalContext.encodeRedirectURL("/test?p1=a+b", null); > Result ----> /test?p1=a%2Bb > Another example are encoded ampersand: > externalContext.encodeRedirectURL("/test?p1=a%26b", null); > Result ----> /test?p1=a%2526b > The root cause of the problem seems to be that ServletExternalContextImpl.encodeURL() doesn't decode the query parameters while parsing the base URL. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira