Details
- Bug
- Resolution: Fixed
- Blocker
- 14.10.4, 15.0
- Unit
- Unknown
- N/A
- N/A
Description
Since XWIKI-20549, XWikiServletResponse#sendRedirect repairs invalid URLs, but it seems to repair way too much.
To reproduce, try the following content in a page:
{{velocity}}
$response.sendRedirect('/xwiki/bin/edit/GroupeInformatique/Comptes%20Rendus/03%20f%C3%A9vrier%202023?template=Teams.Code.MeetingTemplate&parent=GroupeInformatique.Comptes Rendus.WebHome&date=03%2F02%2F2023%2011%3A30')
{{/velocity}}
(Notice the unencoded white space in the middle of it.)
When accessing the page, you are redirected to the URL
https://myserver/xwiki/bin/edit/GroupeInformatique/Comptes%2520Rendus/03%2520f%25C3%25A9vrier%25202023?template=Teams.Code.MeetingTemplate&parent=GroupeInformatique.Comptes%20Rendus.WebHome&date=03%252F02%252F2023%252011%253A30
in which the whole input was double encoded.
You don't have the problem if you pass a valid relative URL.
Even if the previous input is clearly invalid (and I fixed it), the thing is it used to work just fine, and I feel we should only repair the white space and not double encode everything in such a case.
Issue Links
- is caused by XWIKI-20549 Provide a new script service API to check trustfulness of an URI (Closed)
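The difference between the reported double encoding and a repair that only touches the raw white space can be seen in the following added example, which is not XWiki's code and not part of the issue. The class and method names are hypothetical, the input URL is constructed, and `overRepair` is only a model that reproduces the same symptom through `java.net.URI`, not the code path XWiki actually uses.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;

public class RedirectRepairDemo {
    // Characters RFC 3986 permits unescaped in a URI reference ('%' is handled separately).
    private static final String LEGAL =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&'()*+,;=";

    private static boolean isHex(char c) {
        return Character.digit(c, 16) >= 0;
    }

    /** Targeted repair: escape only illegal characters, copy valid %XX triplets through unchanged. */
    static String repair(String location) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < location.length(); ) {
            int cp = location.codePointAt(i);
            boolean validEscape = cp == '%' && i + 2 < location.length()
                && isHex(location.charAt(i + 1)) && isHex(location.charAt(i + 2));
            if (validEscape || LEGAL.indexOf(cp) >= 0) {
                out.appendCodePoint(cp);
            } else {
                // Illegal character or stray '%': emit its UTF-8 bytes as %XX.
                for (byte b : new String(Character.toChars(cp)).getBytes(StandardCharsets.UTF_8)) {
                    out.append(String.format("%%%02X", b & 0xFF));
                }
            }
            i += Character.charCount(cp);
        }
        return out.toString();
    }

    /** Over-eager repair: java.net.URI's multi-argument constructors always quote '%'. */
    static String overRepair(String location) throws URISyntaxException {
        int q = location.indexOf('?');
        String path = q < 0 ? location : location.substring(0, q);
        String query = q < 0 ? null : location.substring(q + 1);
        return new URI(null, null, path, query, null).toASCIIString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed input in the shape of the report: escaped path, one raw space in the query.
        String in = "/xwiki/bin/edit/Space/Comptes%20Rendus?parent=Space.Comptes Rendus.WebHome&date=03%2F02%2F2023";
        System.out.println(overRepair(in)); // existing escapes are encoded a second time
        System.out.println(repair(in));     // only the raw space is escaped
        System.out.println(repair(repair(in)).equals(repair(in))); // repair is idempotent
    }
}
```

Idempotence is the property worth testing for any such repair step: a redirect target that is already a valid relative URL must come out byte for byte identical.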