Decode static resource path with UriUtils

See gh-33859
2024-11-12 11:39:10 +00:00 · 2024-11-12 11:39:10 +00:00 · cbe2f36106
parent 9dabfdf0bf
commit cbe2f36106
2 changed files with 25 additions and 24 deletions
--- a/spring-webflux/src/main/java/org/springframework/web/reactive/resource/ResourceHandlerUtils.java
+++ b/spring-webflux/src/main/java/org/springframework/web/reactive/resource/ResourceHandlerUtils.java
@ -196,23 +196,23 @@ public abstract class ResourceHandlerUtils {
 	}

 	private static boolean isInvalidEncodedPath(String path) {
-		if (path.contains("%")) {
-			String decodedPath = decode(path);
-			if (decodedPath.contains("%")) {
-				decodedPath = decode(decodedPath);
-			}
-			if (isInvalidPath(decodedPath)) {
-				return true;
-			}
-			decodedPath = normalizeInputPath(decodedPath);
-			return isInvalidPath(decodedPath);
+		String decodedPath = decode(path);
+		if (decodedPath.contains("%")) {
+			decodedPath = decode(decodedPath);
 		}
-		return false;
+		if (!StringUtils.hasText(decodedPath)) {
+			return true;
+		}
+		if (isInvalidPath(decodedPath)) {
+			return true;
+		}
+		decodedPath = normalizeInputPath(decodedPath);
+		return isInvalidPath(decodedPath);
 	}

 	private static String decode(String path) {
 		try {
-			return URLDecoder.decode(path, StandardCharsets.UTF_8);
+			return UriUtils.decode(path, StandardCharsets.UTF_8);
 		}
 		catch (Exception ex) {
 			return "";
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHandlerUtils.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHandlerUtils.java
@ -32,6 +32,7 @@ import org.springframework.util.Assert;
 import org.springframework.util.ResourceUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.context.support.ServletContextResource;
+import org.springframework.web.util.UriUtils;

 /**
 * Resource handling utility methods to share common logic between
@ -201,23 +202,23 @@ public abstract class ResourceHandlerUtils {
 	 * @return {@code true} if the path is invalid, {@code false} otherwise
 	 */
 	private static boolean isInvalidEncodedPath(String path) {
-		if (path.contains("%")) {
-			String decodedPath = decode(path);
-			if (decodedPath.contains("%")) {
-				decodedPath = decode(decodedPath);
-			}
-			if (isInvalidPath(decodedPath)) {
-				return true;
-			}
-			decodedPath = normalizeInputPath(decodedPath);
-			return isInvalidPath(decodedPath);
+		String decodedPath = decode(path);
+		if (decodedPath.contains("%")) {
+			decodedPath = decode(decodedPath);
 		}
-		return false;
+		if (!StringUtils.hasText(decodedPath)) {
+			return true;
+		}
+		if (isInvalidPath(decodedPath)) {
+			return true;
+		}
+		decodedPath = normalizeInputPath(decodedPath);
+		return isInvalidPath(decodedPath);
 	}

 	private static String decode(String path) {
 		try {
-			return URLDecoder.decode(path, StandardCharsets.UTF_8);
+			return UriUtils.decode(path, StandardCharsets.UTF_8);
 		}
 		catch (Exception ex) {
 			return "";