Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SPR-15140: @RequestParam injects a raw undecoded string for reactive HTTP requests #1297

Closed
wants to merge 1 commit into from
Closed

SPR-15140: @RequestParam injects a raw undecoded string for reactive HTTP requests #1297

wants to merge 1 commit into from

Conversation

eiiches
Copy link
Contributor

@eiiches eiiches commented Jan 14, 2017
edited

When using spring-web-reactive, %-encoded strings were injected as-is into @RequestParam variables, which does not coincide with spring-webmvc behaviour.

Example:

@ResponseBody
@GetMapping("/search")
public String search(@RequestParam("q") String q) {
    return q;
}
curl -s 'http://localhost:8080/search?q=%20%2B+%C3%A0'

Spring Web Reactive: %20%2B+%C3%A0
Spring Web MVC: (space)+ à

((space) is a space character, GitHub seems to remove leading whitespaces...)

The cause is that AbstractServerHttpRequest.getQueryParams() is returning undecoded name-value pairs, while the interface method ServerHttpRequest.getQueryParams() specifies (in javadoc) to return decoded ones.

This commit fixed the AbstractServerHttpRequest implementation to correctly return
decoded name-value pairs and added an unit test.

https://jira.spring.io/browse/SPR-15140

(I have signed the CLA.)

@eiiches
Fix URL decoding issue in reactive @RequestParam
3cac166 
%-encoded strings were injected undecoded into @RequestParam variables,
which does not coincide with spring-webmvc behaviour. This commit
fixes AbstractServerHttpRequest.getQueryParams() to correctly return
decoded name-value pairs.

Issue: SPR-15140
rstoyanchev added a commit that referenced this pull request Jan 17, 2017
@rstoyanchev
Merge pull request #1297 from eiiches/SPR-15140
e5f4cb6
@rstoyanchev
Copy link
Contributor

This is merged, thanks for the report and pull request.

Note that I've added an integration test as well and fixed the resulting issues. Also I replaced the use of URLDecoder which is not really for urls despite its name (see Javadoc) and replaced it with UriUtils which is what we commonly use.

@spring-projects-issues spring-projects-issues mentioned this pull request Jan 11, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@eiiches @rstoyanchev