-
Bug
-
Resolution: Fixed
-
Neutral
-
5.3.6
-
None
If you manipulate any Magnolia URL by adding a (possibly dummy) request parameter with value '%' Magnolia returns an ugly 500 internal server error from the filter chain.
I can reproduce this on any Magnolia site. E.g.
http://www.magnolia-cms.com/product/features.html?test=%
This results in a stack trace in the log:
java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern at java.net.URLDecoder.decode(URLDecoder.java:187) at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:95) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:129) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:106) at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:66) at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:107) at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:93) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1645) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:596) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:191) at org.eclipse.jetty.server.Dispatcher.error(Dispatcher.java:77) at org.eclipse.jetty.server.handler.ErrorHandler.handle(ErrorHandler.java:91) at org.eclipse.jetty.server.Response.sendError(Response.java:589) at org.eclipse.jetty.server.Response.sendError(Response.java:547) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:626) [..]
Same error also happens when '%' sign is in selector parameters:
http://localhost:8080/demo-project/about~aa=dd%~.html
java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern java.net.URLDecoder.decode(URLDecoder.java:187) info.magnolia.cms.core.AggregationState.setSelector(AggregationState.java:247) info.magnolia.cms.filters.RepositoryMappingFilter.doFilter(RepositoryMappingFilter.java:97) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:69) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58) info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66) info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:74) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:80) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:112) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:120) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71) info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:103) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107) info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108) info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
Acceptance criteria
- is cloned by
-
MAGNOLIA-6272 Magnolia returns internal server error for selectors and request parameters with value '%'
- Closed