[MAGNOLIA-6272] Magnolia returns internal server error for selectors and request parameters with value '%' Created: 26/Jun/15  Updated: 28/Aug/15  Resolved: 26/Aug/15

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 4.5.23
Fix Version/s: 4.5.26

Type: Bug Priority: Neutral
Reporter: Richard Gange Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: support
Remaining Estimate: 0d
Time Spent: 0.25h
Original Estimate: Not Specified

Issue Links:
Cloners
clones MAGNOLIA-6025 Magnolia returns internal server erro... Closed
causality
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Sprint: Sprint 7 (Kromeriz)
Story Points: 2

 Description   

If you manipulate any Magnolia URL by adding a (possibly dummy) request parameter with value '%' Magnolia returns an ugly 500 internal server error from the filter chain.

I can reproduce this on any Magnolia site. E.g.
http://www.magnolia-cms.com/product/features.html?test=%

This results in a stack trace in the log:

java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern
	at java.net.URLDecoder.decode(URLDecoder.java:187)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:95)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:129)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:106)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:66)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:107)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:93)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1645)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:564)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:596)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:498)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:191)
	at org.eclipse.jetty.server.Dispatcher.error(Dispatcher.java:77)
	at org.eclipse.jetty.server.handler.ErrorHandler.handle(ErrorHandler.java:91)
	at org.eclipse.jetty.server.Response.sendError(Response.java:589)
	at org.eclipse.jetty.server.Response.sendError(Response.java:547)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:626)

[..]

Same error also happens when '%' sign is in selector parameters:
http://localhost:8080/demo-project/about~aa=dd%~.html

java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern
	java.net.URLDecoder.decode(URLDecoder.java:187)
	info.magnolia.cms.core.AggregationState.setSelector(AggregationState.java:247)
	info.magnolia.cms.filters.RepositoryMappingFilter.doFilter(RepositoryMappingFilter.java:97)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:69)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
	info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
	info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:74)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:80)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:112)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:120)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
	info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:103)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
	info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
	info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)

Generated at Mon Feb 12 04:12:56 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.