Use URLDecoder for query params in WebFlux

Issue: SPR-15860
7 years ago · 645e3492db
3 changed files with 21 additions and 5 deletions
--- a/spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java
+++ b/spring-web/src/main/java/org/springframework/http/server/reactive/AbstractServerHttpRequest.java
@ -16,11 +16,15 @@
				@@ -16,11 +16,15 @@

 package org.springframework.http.server.reactive;

+import java.io.UnsupportedEncodingException;
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
+import java.net.URLDecoder;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.springframework.http.HttpCookie;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.server.RequestPath;
@ -38,6 +42,8 @@ import org.springframework.util.StringUtils;
				@@ -38,6 +42,8 @@ import org.springframework.util.StringUtils;
 */
 public abstract class AbstractServerHttpRequest implements ServerHttpRequest {

+	private static final Log logger = LogFactory.getLog(ServerHttpRequest.class);
+
 	private static final Pattern QUERY_PATTERN = Pattern.compile("([^&=]+)(=?)([^&]+)?");


@ -113,8 +119,18 @@ public abstract class AbstractServerHttpRequest implements ServerHttpRequest {
				@@ -113,8 +119,18 @@ public abstract class AbstractServerHttpRequest implements ServerHttpRequest {
 		return queryParams;
 	}

+	@SuppressWarnings("deprecation")
 	private String decodeQueryParam(String value) {
-		return StringUtils.uriDecode(value, StandardCharsets.UTF_8);
+		try {
+			return URLDecoder.decode(value, "UTF-8");
+		}
+		catch (UnsupportedEncodingException ex) {
+			if (logger.isWarnEnabled()) {
+				logger.warn("Could not decode query param [" + value + "] as 'UTF-8'. " +
+						"Falling back on default encoding; exception message: " + ex.getMessage());
+			}
+			return URLDecoder.decode(value);
+		}
 	}

 	@Override
--- a/spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java
+++ b/spring-web/src/test/java/org/springframework/http/server/reactive/ServerHttpRequestTests.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -68,7 +68,7 @@ public class ServerHttpRequestTests {
				@@ -68,7 +68,7 @@ public class ServerHttpRequestTests {
 	public void queryParamsWithEncodedValue() throws Exception {
 		MultiValueMap<String, String> params = createHttpRequest("/path?a=%20%2B+%C3%A0").getQueryParams();
 		assertEquals(1, params.size());
-		assertEquals(Collections.singletonList(" ++\u00e0"), params.get("a"));
+		assertEquals(Collections.singletonList(" + \u00e0"), params.get("a"));
 	}

 	@Test
--- a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java
+++ b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/RequestMappingIntegrationTests.java
@ -63,7 +63,7 @@ public class RequestMappingIntegrationTests extends AbstractRequestMappingIntegr
				@@ -63,7 +63,7 @@ public class RequestMappingIntegrationTests extends AbstractRequestMappingIntegr

 	@Test // SPR-15140
 	public void handleWithEncodedParam() throws Exception {
-		String expected = "Hello  ++\u00e0!";
+		String expected = "Hello  + \u00e0!";
 		assertEquals(expected, performGet("/param?name=%20%2B+%C3%A0", new HttpHeaders(), String.class).getBody());
 	}