From 645e3492dba42ec14553fca642344cafba571ed0 Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Wed, 16 Aug 2017 13:34:31 +0200 Subject: [PATCH] Use URLDecoder for query params in WebFlux Issue: SPR-15860 --- .../reactive/AbstractServerHttpRequest.java | 20 +++++++++++++++++-- .../reactive/ServerHttpRequestTests.java | 4 ++-- .../RequestMappingIntegrationTests.java | 2 +- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java b/spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java index b65ba706de..25f24d2892 100644 --- a/spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java +++ b/spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java @@ -16,11 +16,15 @@ package org.springframework.http.server.reactive; +import java.io.UnsupportedEncodingException; import java.net.URI; -import java.nio.charset.StandardCharsets; +import java.net.URLDecoder; import java.util.regex.Matcher; import java.util.regex.Pattern; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + import org.springframework.http.HttpCookie; import org.springframework.http.HttpHeaders; import org.springframework.http.server.RequestPath; @@ -38,6 +42,8 @@ import org.springframework.util.StringUtils; */ public abstract class AbstractServerHttpRequest implements ServerHttpRequest { + private static final Log logger = LogFactory.getLog(ServerHttpRequest.class); + private static final Pattern QUERY_PATTERN = Pattern.compile("([^&=]+)(=?)([^&]+)?"); @@ -113,8 +119,18 @@ public abstract class AbstractServerHttpRequest implements ServerHttpRequest { return queryParams; } + @SuppressWarnings("deprecation") private String decodeQueryParam(String value) { - return StringUtils.uriDecode(value, StandardCharsets.UTF_8); + try { + return URLDecoder.decode(value, "UTF-8"); + } + catch (UnsupportedEncodingException ex) { + if (logger.isWarnEnabled()) { + logger.warn("Could not decode query param [" + value + "] as 'UTF-8'. " + + "Falling back on default encoding; exception message: " + ex.getMessage()); + } + return URLDecoder.decode(value); + } } @Override diff --git a/spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java b/spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java index c79534ae2e..4c81ece754 100644 --- a/spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java +++ b/spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2017 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -68,7 +68,7 @@ public class ServerHttpRequestTests { public void queryParamsWithEncodedValue() throws Exception { MultiValueMap params = createHttpRequest("/path?a=%20%2B+%C3%A0").getQueryParams(); assertEquals(1, params.size()); - assertEquals(Collections.singletonList(" ++\u00e0"), params.get("a")); + assertEquals(Collections.singletonList(" + \u00e0"), params.get("a")); } @Test diff --git a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java index ffb84790b2..0ce229dd14 100644 --- a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java +++ b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java @@ -63,7 +63,7 @@ public class RequestMappingIntegrationTests extends AbstractRequestMappingIntegr @Test // SPR-15140 public void handleWithEncodedParam() throws Exception { - String expected = "Hello ++\u00e0!"; + String expected = "Hello + \u00e0!"; assertEquals(expected, performGet("/param?name=%20%2B+%C3%A0", new HttpHeaders(), String.class).getBody()); }