
Commit 17b6a1e

rstoyanchevlijunyzzZ
authored andcommitted
Update processPath for double encoding
See spring-projectsgh-33689
1 parent ba05787 commit 17b6a1e


2 files changed

+32
-17
lines changed


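--- a/spring-webflux/src/main/java/org/springframework/web/reactive/resource/ResourceHandlerUtils.java
+++ b/spring-webflux/src/main/java/org/springframework/web/reactive/resource/ResourceHandlerUtils.java
@@ -98,22 +98,29 @@ else if (path.charAt(i) > ' ' && path.charAt(i) != 127) {
 }
 return (slash ? "/" : "");
 }
-
+
 private static String normalizePath(String path) {
-if (path.contains("%")) {
-try {
-path = URLDecoder.decode(path, StandardCharsets.UTF_8);
-}
-catch (Exception ex) {
-return "";
+String result = path;
+if (result.contains("%")) {
+result = decode(result);
+if (result.contains("%")) {
+result = decode(result);
 }
-if (path.contains("../")) {
-path = StringUtils.cleanPath(path);
+if (result.contains("../")) {
+return StringUtils.cleanPath(result);
 }
 }
 return path;
 }
 
+private static String decode(String path) {
+try {
+return URLDecoder.decode(path, StandardCharsets.UTF_8);
+}
+catch (Exception ex) {
+return "";
+}
+}
 
 /**
 * Whether the given input path is invalid as determined by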
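Review bot: A malformed percent escape no longer produces an empty path from `normalizePath`. The new `decode` helper returns `""` on failure, and because `""` contains neither `"%"` nor `"../"`, control falls through to `return path` and the original input is handed back, where the removed code returned `""` directly from the catch. The callers are outside this hunk, so whether anything relied on the empty result needs confirming; if it did, check after each decode, e.g. `if (result.isEmpty()) { return ""; }`, which is safe because an input containing `%` cannot validly decode to an empty string. The identical change in ResourceHttpRequestHandler.java has the same fall-through.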

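--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
@@ -680,20 +680,28 @@ else if (path.charAt(i) > ' ' && path.charAt(i) != 127) {
 }
 
 private static String normalizePath(String path) {
-if (path.contains("%")) {
-try {
-path = URLDecoder.decode(path, StandardCharsets.UTF_8);
-}
-catch (Exception ex) {
-return "";
+String result = path;
+if (result.contains("%")) {
+result = decode(result);
+if (result.contains("%")) {
+result = decode(result);
 }
-if (path.contains("../")) {
-path = StringUtils.cleanPath(path);
+if (result.contains("../")) {
+return StringUtils.cleanPath(result);
 }
 }
 return path;
 }
 
+private static String decode(String path) {
+try {
+return URLDecoder.decode(path, StandardCharsets.UTF_8);
+}
+catch (Exception ex) {
+return "";
+}
+}
+
 /**
 * Invoked after {@link ResourceHandlerUtils#isInvalidPath(String)}
 * to allow subclasses to perform further validation.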
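Review bot: The trailing `return path` in `normalizePath` now returns the caller's original, still-encoded string, because decoding is done on the new local `result`. The removed code reassigned `path`, so it returned the decoded form whenever a `%` was present. Nothing in the hunk says whether that change is intended, and the reason for stopping at exactly two decode passes is also undocumented. I would add a comment above the method such as `// Decode up to twice to detect encoded "../"; the input is returned unchanged unless traversal segments are found`. The same method in the webflux ResourceHandlerUtils.java would take the same comment.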
