We're updating the issue view to help you get more done. 

Stripes decodes already-decoded URI

Description

GET /zip/DownloadZip.action/Len%25ovo.zip HTTP/1.1
Host: localhost:8080
...

fails with following exception:

java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "ov"
at java.net.URLDecoder.decode(URLDecoder.java:173)
at net.sourceforge.stripes.util.StringUtil.urlDecode(StringUtil.java:90)
at net.sourceforge.stripes.util.HttpUtil.getRequestedPath(HttpUtil.java:59)
at net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:220)
at net.sourceforge.stripes.controller.DynamicMappingFilter.doFilter(DynamicMappingFilter.java:418)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

for action with @UrlBinding("/zip/DownloadZip.action/{archiveName}").

Problem is that HttpUtil.getRequestedPath uses StringUtil.urlDecode to decode servletPath + pathInfo, however both request.servletPath and request.pathInfo are already decoded by Servlet Container, as mentioned in the documentation.

In our case, servletPath returns "/zip/DownloadZip.action/Len%ovo.zip" while pathInfo returns null. HttpUtil then tries to decode this string, which fails.

However it should not even try to do the decoding on its own.

Environment

Tomcat 7.0.37 on Mac OS X
Tomcat 7.0.27 on Linux

Status

Assignee

R

Reporter

Peter Stibrany

Labels

None

Tester

None

Components

Fix versions

Affects versions

Release 1.5.7

Priority

Major