root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

SPR-8706 - UriUrils.decode() not properly rejecting invalid escaped URLs

This commit is contained in:
Arjen Poutsma 2011-09-27 08:55:07 +00:00
parent 67fda70cb8
commit 5afe139285
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
org.springframework.web/src/main/java/org/springframework/web/util/UriUtils.java
View File

@ -247,6 +247,7 @@ public abstract class UriUtils {
* @param source the source string * @param source the source string
* @param encoding the encoding * @param encoding the encoding
* @return the decoded URI * @return the decoded URI
* @throws IllegalArgumentException when the given source contains invalid encoded sequences
* @throws UnsupportedEncodingException when the given encoding parameter is not supported * @throws UnsupportedEncodingException when the given encoding parameter is not supported
* @see java.net.URLDecoder#decode(String, String) * @see java.net.URLDecoder#decode(String, String)
*/ */
@ -264,6 +265,9 @@ public abstract class UriUtils {
char hex2 = source.charAt(i + 2); char hex2 = source.charAt(i + 2);
int u = Character.digit(hex1, 16); int u = Character.digit(hex1, 16);
int l = Character.digit(hex2, 16); int l = Character.digit(hex2, 16);
if (u == -1 || l == -1) {
throw new IllegalArgumentException("Invalid encoded sequence \"" + source.substring(i) + "\"");
}
bos.write((char) ((u << 4) + l)); bos.write((char) ((u << 4) + l));
i += 2; i += 2;
changed = true; changed = true;