Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

UNDERTOW-2312 Regression

19 views
Skip to first unread message

Brad Wood

unread,
Nov 20, 2024, 3:05:13 PM11/20/24
to Undertow Dev
I believe ticket UNDERTOW-2312 has has caused a regression my users have reported.  When they are using the ALLOW_UNESCAPED_CHARACTERS_IN_URL  setting, Undertow has now started DOUBLE decoding query parameters.  That means a URL such as:

localhost?id=foo%2Bbar

which used to correctly result in a query parameter value of

foo+bar

now incorrectly creates a query parameter value of

foo bar

Note the %2B is now double-decoded into a space instead of being single-decoded into a plus sign.  I also don't understand why this setting would even affect decoding, as it's supposed to just be for allowing unescaped chars in the URL.  It shouldn't be causing anything to be decoded at all.  Any feedback on this?

Thanks!

~Brad

Richard Opalka

unread,
Nov 27, 2024, 9:48:19 AM11/27/24
to Undertow Dev
Hello Brad,

   Could you please create a JIRA ticket with simple reproducer?

Richard

Flavia Rainone

unread,
Nov 27, 2024, 10:00:56 AM11/27/24
to Undertow Dev
To complement Richard's response, the issue has an impact in decoding because internally characters are decoded according to the config you are using.

If you look at the PR for UNDERTOW-2312, you will see here: https://github.com/undertow-io/undertow/pull/1516/commits/ed93ab8975ca5a88b066f2f13cdb815ba0cffccb that the unencoded characters in the URL might need to be decoded.

We set the encoded path in the exchange, but if there is decoding required and Undertow is configured to allow unescaped characters, it will do decoding of them.

From your description, there is clearly something we missed when fixing it, I am looking forward to running a reproducer to figure it out.

Thank you,
Flavia
Reply all
Reply to author
Forward
0 new messages