From 5afe13928528cc37cdf6337a7e8a9c8d061ba6a5 Mon Sep 17 00:00:00 2001
From: Arjen Poutsma
Date: Tue, 27 Sep 2011 08:55:07 +0000
Subject: [PATCH] SPR-8706 - UriUrils.decode() not properly rejecting invalid escaped URLs
---
 .../src/main/java/org/springframework/web/util/UriUtils.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/org.springframework.web/src/main/java/org/springframework/web/util/UriUtils.java b/org.springframework.web/src/main/java/org/springframework/web/util/UriUtils.java
index cc818859e74..74d306320d3 100644
--- a/org.springframework.web/src/main/java/org/springframework/web/util/UriUtils.java
+++ b/org.springframework.web/src/main/java/org/springframework/web/util/UriUtils.java
@@ -247,6 +247,7 @@ public abstract class UriUtils {
 * @param source the source string
 * @param encoding the encoding
 * @return the decoded URI
+ * @throws IllegalArgumentException when the given source contains invalid encoded sequences
 * @throws UnsupportedEncodingException when the given encoding parameter is not supported
 * @see java.net.URLDecoder#decode(String, String)
 */
@@ -264,6 +265,9 @@ public abstract class UriUtils {
 char hex2 = source.charAt(i + 2);
 int u = Character.digit(hex1, 16);
 int l = Character.digit(hex2, 16);
+ if (u == -1 || l == -1) {
+ throw new IllegalArgumentException("Invalid encoded sequence \"" + source.substring(i) + "\"");
+ }
 bos.write((char) ((u << 4) + l));
 i += 2;
 changed = true;
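Review bot: The added `u == -1 || l == -1` guard in the second hunk still lets some non-RFC 3986 escapes through, because `Character.digit(ch, 16)` also returns a value for non-ASCII digits and fullwidth Latin letters, so a `%` followed by such characters is decoded rather than rejected. Limiting both characters to ASCII closes the gap, for example `if (u == -1 || l == -1 || hex1 > 0x7F || hex2 > 0x7F) {`. The exception message also echoes everything from the bad escape to the end of the input through `source.substring(i)`; `source.substring(i, i + 3)` would name only the offending sequence and keep arbitrary caller-supplied text out of logs and error responses. The enclosing method starts and ends outside this hunk, so the bounds check that makes `charAt(i + 2)` safe is assumed rather than visible.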