Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Double decoding of query parameters when creating Location #12354

Closed
ggecy opened this issue Nov 12, 2021 · 4 comments · Fixed by #12432
Closed

Double decoding of query parameters when creating Location #12354

ggecy opened this issue Nov 12, 2021 · 4 comments · Fixed by #12432
Assignees
@caalador
Labels
bug Impact: High prerelease version for platform 14.8.0 Released with Platform 14.7.8 Released with Platform 14.8.0.beta1 Released with Platform 22.0.1 Severity: Major

Comments

@ggecy
Copy link

ggecy commented Nov 12, 2021

When I open an URL with url encoded query parameters where a parameters contains a "+" symbol, the query parameter is incorrectly decoded twice and the "+" is removed from parameter value. This happens in com.vaadin.flow.router.Location#Location(java.lang.String) which calls the com.vaadin.flow.router.LocationUtil#parseQueryParameters where query string is first extracted query = new java.net.URI(location).getQuery(); - this decodes the url encoded string for the first time, the string at this point is correct and "+" symbol gets decoded from "%2B". Next the QueryParameters.fromString(query) is called which calls com.vaadin.flow.router.QueryParameters#makeQueryParamList and this decodes the string again using value = URLDecoder.decode(value, "utf-8"); - this removed the "+" symbol from the already decoded string and the parameter value is incorrect.

E.g. the encoded parameter value someValue1%2BsomeValue2 which should be decoded as someValue1+someValue2 gets decoded as someValue1 someValue2 instead which is wrong.

Versions:

- Vaadin / Flow version: 14.7.5 / 2.7.4
- Java version: 11
caalador added a commit that referenced this issue Nov 24, 2021
@caalador
fix: Do not decode + as space
b98139b 
Fix issue with URLDecoder handling
of '+' character.

Fixes #12354
@caalador caalador mentioned this issue Nov 24, 2021
Merged
@caalador caalador self-assigned this Nov 26, 2021
Artur- pushed a commit that referenced this issue Nov 29, 2021
@caalador
fix: Do not decode + as space (#12432)
94766fa 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354
vaadin-bot pushed a commit that referenced this issue Nov 29, 2021
@caalador @vaadin-bot
fix: Do not decode + as space (#12432)
0cc7787 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354
vaadin-bot pushed a commit that referenced this issue Nov 29, 2021
@caalador @vaadin-bot
fix: Do not decode + as space (#12432)
1b59401 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354
vaadin-bot pushed a commit that referenced this issue Nov 29, 2021
@caalador @vaadin-bot
fix: Do not decode + as space (#12432)
63da46e 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354
vaadin-bot pushed a commit that referenced this issue Nov 29, 2021
@caalador @vaadin-bot
fix: Do not decode + as space (#12432)
92eaf82 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354
vaadin-bot added a commit that referenced this issue Nov 29, 2021
@vaadin-bot @caalador
fix: Do not decode + as space (#12432) (#12466)
567bd21 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354

Co-authored-by: caalador <[email protected]>
vaadin-bot added a commit that referenced this issue Nov 29, 2021
@vaadin-bot @caalador
fix: Do not decode + as space (#12432) (#12468)
3d34020 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354

Co-authored-by: caalador <[email protected]>
vaadin-bot added a commit that referenced this issue Nov 29, 2021
@vaadin-bot @caalador
fix: Do not decode + as space (#12432) (#12465)
8f0445c 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354

Co-authored-by: caalador <[email protected]>
joheriks pushed a commit that referenced this issue Nov 29, 2021
@vaadin-bot @caalador
fix: Do not decode + as space (#12432) (#12467)
0863915 
Fix issue with URLDecoder handling of '+' character.

Fixes #12354

Co-authored-by: caalador <[email protected]>
@vaadin-bot
Copy link
Collaborator

This ticket/PR has been released with platform 14.8.0.beta1 and is also targeting the upcoming stable 14.8.0 version.

@vaadin-bot
Copy link
Collaborator

This ticket/PR has been released with platform 14.7.8.

@vaadin-bot
Copy link
Collaborator

This ticket/PR has been released with platform 22.0.1.

@mlopezFC
Copy link
Collaborator

This issue was solved by just handling the plus sign "+" special case, but something similar happens with the "%" character.
Is it possible to solve the underlying issue (avoid double decoding) instead of handling specific character conversion issues?

@mlopezFC mlopezFC mentioned this issue Jan 28, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@caalador caalador

Labels
bug Impact: High prerelease version for platform 14.8.0 Released with Platform 14.7.8 Released with Platform 14.8.0.beta1 Released with Platform 22.0.1 Severity: Major
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Do not decode + as space vaadin/flow
4 participants
@ggecy @caalador @vaadin-bot @mlopezFC