Menu
Let's presume that I have string like '=&?/;#+%' to be a part of my URL, let's say like this:
example.com/servletPath/someOtherPath/myString/something.html?a=b&c=d#asdf
where myString is the above string. I've encoded critical part so URL looks like
example.com/servletPath/someOtherPath/%3D%26%3F%2F%3B%23%2B%25/something.html?a=b&c=d#asdf
So far so good.
When I'm in the servlet and I read any of request.getRequestURI(), request.getRequestURL() or request.getPathInfo(), returned value is already decoded, so I get strilng like
someOtherPath/=&?/;#+%/something.html?a=b&c=d#asdf
and I can't differentiate between real special characters and encoded ones.
I've solved particular problem by banning above chars altogether, which works in this situation, but I still wonder is there any way to get undecoded URL in servlet class.
YET ANOTHER EDIT: When I've hit this problem last evening I was too tired to notice what is really going on, which is even more bizarre! I have servlet mapped on, say /servletPath/* after that I can put whatever I want and get my servlet responding depending on the rest of a path, except when there is %2F in the path. In that case request never hits the servlet, and I get 404! If i put '/' instead of %2F it works OK. I'm running Tomcat 6.0.14 on Java 1.6.0-04 on Linux.
760
There is a fundamental difference between '%2F' and '/', both for the browser and the server.
The HttpServletRequest specification says (without any logic, AFAICT):
The result of getPathInfo() should be decoded, but the result of getRequestURI() must not be decoded. If it is, your Servlet container is breaking the spec (as Wouter Coekaerts and Francois Gravel correctly pointed out). Which Tomcat version are you running?
Making matters even more confusing, current Tomcat versions reject paths that contain encodings of certain special characters, for security reasons.
59
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
