root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Use URLDecoder for query params in WebFlux 

Issue: SPR-15860
This commit is contained in:
Rossen Stoyanchev 2017-08-16 13:34:31 +02:00
parent 8b7a670821
commit 645e3492db
3 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java
View File

@ -16,11 +16,15 @@
package org.springframework.http.server.reactive; package org.springframework.http.server.reactive;
import java.io.UnsupportedEncodingException;
import java.net.URI; import java.net.URI;
import java.nio.charset.StandardCharsets; import java.net.URLDecoder;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpCookie; import org.springframework.http.HttpCookie;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.server.RequestPath; import org.springframework.http.server.RequestPath;
@ -38,6 +42,8 @@ import org.springframework.util.StringUtils;
*/ */
public abstract class AbstractServerHttpRequest implements ServerHttpRequest { public abstract class AbstractServerHttpRequest implements ServerHttpRequest {
private static final Log logger = LogFactory.getLog(ServerHttpRequest.class);
private static final Pattern QUERY_PATTERN = Pattern.compile("([^&=]+)(=?)([^&]+)?"); private static final Pattern QUERY_PATTERN = Pattern.compile("([^&=]+)(=?)([^&]+)?");
@ -113,8 +119,18 @@ public abstract class AbstractServerHttpRequest implements ServerHttpRequest {
return queryParams; return queryParams;
} }
@SuppressWarnings("deprecation")
private String decodeQueryParam(String value) { private String decodeQueryParam(String value) {
return StringUtils.uriDecode(value, StandardCharsets.UTF_8); try {
return URLDecoder.decode(value, "UTF-8");
}
catch (UnsupportedEncodingException ex) {
if (logger.isWarnEnabled()) {
logger.warn("Could not decode query param [" + value + "] as 'UTF-8'. " +
"Falling back on default encoding; exception message: " + ex.getMessage());
}
return URLDecoder.decode(value);
}
} }
@Override @Override

4
spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2017 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -68,7 +68,7 @@ public class ServerHttpRequestTests {
public void queryParamsWithEncodedValue() throws Exception { public void queryParamsWithEncodedValue() throws Exception {
MultiValueMap<String, String> params = createHttpRequest("/path?a=%20%2B+%C3%A0").getQueryParams(); MultiValueMap<String, String> params = createHttpRequest("/path?a=%20%2B+%C3%A0").getQueryParams();
assertEquals(1, params.size()); assertEquals(1, params.size());
assertEquals(Collections.singletonList(" ++\u00e0"), params.get("a")); assertEquals(Collections.singletonList(" + \u00e0"), params.get("a"));
} }
@Test @Test

2
spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java
View File

@ -63,7 +63,7 @@ public class RequestMappingIntegrationTests extends AbstractRequestMappingIntegr
@Test // SPR-15140 @Test // SPR-15140
public void handleWithEncodedParam() throws Exception { public void handleWithEncodedParam() throws Exception {
String expected = "Hello ++\u00e0!"; String expected = "Hello + \u00e0!";
assertEquals(expected, performGet("/param?name=%20%2B+%C3%A0", new HttpHeaders(), String.class).getBody()); assertEquals(expected, performGet("/param?name=%20%2B+%C3%A0", new HttpHeaders(), String.class).getBody());
} }