[jira] [Updated] (CXF-4207) CXF interprets URL-encoded slashes in PathParam prior to method dispatch

Tue, 27 Mar 2012 16:14:52 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matt Parker updated CXF-4207:
-----------------------------

    Description: 
For a method which handles, for example, "@Path(/rest/{value})": if either a 
forward or backward slash is encoded and provided as part of "{value}", CXF 
will interpret the encoded slash as a URI separator, rather than as a part of 
"{value}".

For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" 
prior to dispatching, and will then fail with a 400 Invalid URI, rather than 
passing "my\value" to the method handling the "/rest/{value}" URI.


  was:
For a method which handles, for example, "@Path(/rest/{value})": if either a 
forward or backward slash is encoded and provided as part of "{value}", CXF 
will interpret the encoded slash as a URI separator, rather than as a part of 
"{value}".

For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" 
prior to dispatching, and will then fail with a 404, rather than passing 
"my\value" to the method handling the "/rest/{value}" URI.

    
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
>                 Key: CXF-4207
>                 URL: https://issues.apache.org/jira/browse/CXF-4207
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.4.2, 2.5.3
>            Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a 
> forward or backward slash is encoded and provided as part of "{value}", CXF 
> will interpret the encoded slash as a URI separator, rather than as a part of 
> "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET 
> /rest/my\value" prior to dispatching, and will then fail with a 400 Invalid 
> URI, rather than passing "my\value" to the method handling the 
> "/rest/{value}" URI.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to