Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-6849

Issue within CosMultipartRequestFilter regarding encoding of request parameters

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • 6.2
    • 5.4.9
    • core
    • None

    Description

      There is an issue within the CosMultipartRequestFilter regarding the encoding of request parameters. This issue happens
      under the following circunstances:

      • The request comes with a query string AND form data.
      • The request uses an encoding other thant US-ASCII (in our case UTF-8)

      The issue can be tested using the provided CosMultipartRequestFilterTest . The scenario is as followed:

      • The query string contains a parameter "query" with the value "Tür" (URI Encoding: T%C3%BCr).
      • Since the request encodes properly configured to UTF-8 the filters "on the top" can access the right value "Tür".
      • Due to the fact that there's form data the CosMultipartRequestFilter alters the request, so following filter will use
        the wrapper MultipartRequest.
      • The constructor of this MultipartRequest wrapper checks if there's a query string which is the case. However it
        doesn't respect the encoding so the the parsed parameters returned by HttpUtils.parseQueryString remain unencoded.
        This causes the previously properly encoded request parameter "query" to be replaced using the invalid encoded
        value "Tür"

      *******************************************************************
      Api documentation for javax.servlet.http.HttpServletRequest.getQueryString said:

      a <code>String</code> containing the query string or <code>null</code> if the URL contains no query string. The value is not decoded by the container.

      Since the value is NOT decoded by the container it's provided as it is.

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              Unassigned Unassigned
              miruela Mercedes Iruela
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Bug DoR
                  Task DoD