Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: Release 1.5.7
    • Fix versions: Release 1.5.8, Release 1.6
    • Labels:
      None
    • Environment:
      Tomcat 7.0.37 on Mac OS X
      Tomcat 7.0.27 on Linux
    • Sprint:

      Description

      GET /zip/DownloadZip.action/Len%25ovo.zip HTTP/1.1
      Host: localhost:8080
      ...

      fails with following exception:

      java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "ov"
      at java.net.URLDecoder.decode(URLDecoder.java:173)
      at net.sourceforge.stripes.util.StringUtil.urlDecode(StringUtil.java:90)
      at net.sourceforge.stripes.util.HttpUtil.getRequestedPath(HttpUtil.java:59)
      at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:220)
      at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:418)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

      for action with @UrlBinding("/zip/DownloadZip.action/

      {archiveName}

      ").

      Problem is that HttpUtil.getRequestedPath uses StringUtil.urlDecode to decode servletPath + pathInfo, however both request.servletPath and request.pathInfo are already decoded by Servlet Container, as mentioned in the documentation.

      In our case, servletPath returns "/zip/DownloadZip.action/Len%ovo.zip" while pathInfo returns null. HttpUtil then tries to decode this string, which fails.

      However it should not even try to do the decoding on its own.

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                vankeisb R
                Reporter:
                pstibrany Peter Stibrany
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: