Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Flash attributes not working with spaces in query parameters [SPR-12569] #17170

Closed
spring-issuemaster opened this issue Dec 24, 2014 · 3 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link
Collaborator

commented Dec 24, 2014

Ivan Stojić opened SPR-12569 and commented

Flash attributes don't seem to be working when redirecting to a URL with query parameters which contain spaces (which get encoded as a '+' character), e.g. /test?param=hello+there .

I've created a simple Spring Boot (1.2.0) application which can be used to test this issue:

@EnableAutoConfiguration
@Controller
public class DemoApplication {

    @RequestMapping("/")
    @ResponseBody
    String hello(ModelMap model) {
        String name = (String)model.getOrDefault("name", "???");
        return "Hello, " + name + "!";
    }

    @RequestMapping("/test1") // OK
    String test1(RedirectAttributes redir) {
        redir.addFlashAttribute("name", "World");
        return "redirect:/";
    }

    @RequestMapping("/test2") // OK
    String test2(RedirectAttributes redir) {
        redir.addFlashAttribute("name", "World");
        return "redirect:/?param=1";
    }

    @RequestMapping("/test3") // NOT WORKING
    String test3(RedirectAttributes redir) {
        redir.addFlashAttribute("name", "World");
        return "redirect:/?param=1+2";
    }

    @RequestMapping("/test4") // NOT WORKING
    String test4(RedirectAttributes redir) {
        redir.addFlashAttribute("name", "World");
        redir.addAttribute("param", "1 2");
        return "redirect:/";
    }

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

Affects: 4.1.3

Issue Links:

  • #16441 Unable to retrieve FlashMap when contains "+"(half-space) in the request parameters ("is duplicated by")
  • #17577 flash attributes not mapped from session to request scope when parameter value is url encoded ("is duplicated by")
  • #14291 Flashmap matching logic fails when target params are encoded.
  • #16129 Unable to retrieve FlashMap when target parameters are encoded

Referenced from: commits spring-projects/spring-framework-issues@3b66b10, spring-projects/spring-framework-issues@7cd7012

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Dec 26, 2014

Rossen Stoyanchev commented

This is due to the use of URLEncoder in RedirectView for appended query parameters. Despite its name URLEncoder does HTML form encoding (not URI encoding) with the main difference being that spaces are encoded as "+" rather than %20. This interferes with the matching logic in the FlashMapManager which relies on UriUtils to decode the query parameters before using them for matching purposes after the redirect.

There is a workaround. Use a URI variable in the redirect URL. When expanded it is encoded with UriUtils:

@RequestMapping("/test4") // NOT WORKING
String test4(RedirectAttributes redir) {
    redir.addFlashAttribute("name", "World");
    redir.addAttribute("value", "1 2");
    return "redirect:/?param={value}";
}

A possible solution may be for FlashMapManager to perform matching against the (encoded) query string, hence skipping the need to decode in the first place.

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Feb 24, 2015

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Mar 19, 2015

Rossen Stoyanchev commented

This should be fixed now. Effectively when matching the request for a FlashMap we now keep the query parameter values encoded and compare them against the queryString property which is also encoded. I've verified with the provided project but if any additional verification would be greatly appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.