Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-20615

$response.sendRedirect repair too much

    XMLWordPrintable

Details

    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      Since XWIKI-20549 XWikiServletResponse#sendRedirect repair invalid URLs but it seems to repair way too much.

      To reproduce, try the following content in a page:

      {{velocity}}
      $response.sendRedirect('/xwiki/bin/edit/GroupeInformatique/Comptes%20Rendus/03%20f%C3%A9vrier%202023?template=Teams.Code.MeetingTemplate&parent=GroupeInformatique.Comptes Rendus.WebHome&date=03%2F02%2F2023%2011%3A30')
      {{/velocity}}
      

      (notice the unencoded white space in the middle of it)

      when accessing the page you are redirected to URL

      https://myserver/xwiki/bin/edit/GroupeInformatique/Comptes%2520Rendus/03%2520f%25C3%25A9vrier%25202023?template=Teams.Code.MeetingTemplate&parent=GroupeInformatique.Comptes%20Rendus.WebHome&date=03%252F02%252F2023%252011%253A30

      in which the whole input was double encoded.

      You don't have the problem if you pass a valid relative URL.

      Even if the previous input is clearly invalid (and I fixed it) the thing is it used to work just fine and I feel we should only repair the white space and not double encode everything in such a case.

      Attachments

        Issue Links

          Activity

            People

              surli Simon Urli
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: