Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-6272

Magnolia returns internal server error for selectors and request parameters with value '%'

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Neutral Neutral
    • 4.5.26
    • 4.5.23
    • None
    • Sprint 7 (Kromeriz)
    • 2

      If you manipulate any Magnolia URL by adding a (possibly dummy) request parameter with value '%' Magnolia returns an ugly 500 internal server error from the filter chain.

      I can reproduce this on any Magnolia site. E.g.
      http://www.magnolia-cms.com/product/features.html?test=%

      This results in a stack trace in the log:

      java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern
	at java.net.URLDecoder.decode(URLDecoder.java:187)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:95)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:129)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:106)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:66)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:107)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:93)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1645)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:596)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:191)
	at org.eclipse.jetty.server.Dispatcher.error(Dispatcher.java:77)
	at org.eclipse.jetty.server.handler.ErrorHandler.handle(ErrorHandler.java:91)
	at org.eclipse.jetty.server.Response.sendError(Response.java:589)
	at org.eclipse.jetty.server.Response.sendError(Response.java:547)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:626)

[..]

      Same error also happens when '%' sign is in selector parameters:
      http://localhost:8080/demo-project/about~aa=dd%~.html

      java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern
	java.net.URLDecoder.decode(URLDecoder.java:187)
	info.magnolia.cms.core.AggregationState.setSelector(AggregationState.java:247)
	info.magnolia.cms.filters.RepositoryMappingFilter.doFilter(RepositoryMappingFilter.java:97)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:69)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
	info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
	info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:74)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:80)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:112)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:120)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:103)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
	info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)

        Acceptance criteria

              jsimak Jaroslav Simak
              rgange Richard Gange
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - 0d
                    0d
                    Logged:
                    Time Spent - 0.25h
                    0.25h