SPR-6188 - UriTemplate: Insufficient handling of characters that need to be escaped.

Author: poutsma

org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/tags/UrlTag.java

@@ -34,6 +34,7 @@
 import org.springframework.web.util.JavaScriptUtils;
 import org.springframework.web.util.TagUtils;
 import org.springframework.web.util.UriUtils;
+import org.springframework.util.StringUtils;
 
 /**
  * JSP tag for creating URLs. Modeled after the JSTL c:url tag with backwards
@@ -236,23 +237,29 @@ private String createUrl() throws JspException {
 	 * @return the query string
 	 * @throws JspException
 	 */
-	protected String createQueryString(
-			List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter)
+	protected String createQueryString(List<Param> params, Set<String> usedParams, boolean includeQueryStringDelimiter)
 			throws JspException {
 
+		String encoding = pageContext.getResponse().getCharacterEncoding();
+
 		StringBuilder qs = new StringBuilder();
 		for (Param param : params) {
-			if (!usedParams.contains(param.getName()) && param.getName() != null && !"".equals(param.getName())) {
+			if (!usedParams.contains(param.getName()) && StringUtils.hasLength(param.getName())) {
 				if (includeQueryStringDelimiter && qs.length() == 0) {
 					qs.append("?");
 				}
 				else {
 					qs.append("&");
 				}
-				qs.append(urlEncode(param.getName()));
-				if (param.getValue() != null) {
-					qs.append("=");
-					qs.append(urlEncode(param.getValue()));
+				try {
+					qs.append(UriUtils.encodeQueryParam(param.getName(), encoding));
+					if (param.getValue() != null) {
+						qs.append("=");
+						qs.append(UriUtils.encodeQueryParam(param.getValue(), encoding));
+					}
+				}
+				catch (UnsupportedEncodingException ex) {
+					throw new JspException(ex);
 				}
 			}
 		}
@@ -271,39 +278,23 @@ protected String createQueryString(
 	 */
 	protected String replaceUriTemplateParams(String uri, List<Param> params, Set<String> usedParams)
 			throws JspException {
+		String encoding = pageContext.getResponse().getCharacterEncoding();
+
 		for (Param param : params) {
 			String template = URL_TEMPLATE_DELIMITER_PREFIX + param.getName() + URL_TEMPLATE_DELIMITER_SUFFIX;
 			if (uri.contains(template)) {
 				usedParams.add(param.getName());
-				uri = uri.replace(template, urlEncode(param.getValue()));
+				try {
+					uri = uri.replace(template, UriUtils.encodePath(param.getValue(), encoding));
+				}
+				catch (UnsupportedEncodingException ex) {
+					throw new JspException(ex);
+				}
 			}
 		}
 		return uri;
 	}
 
-	/**
-	 * URL-encode the provided String using the character encoding for the response.
-	 * <p>This method will <strong>not</strong> URL-encode according to the 
-	 * <code>application/x-www-form-urlencoded</code> MIME format. Spaces will 
-	 * encoded as regular character instead of <code>+</code>. In <code>UTF-8</code>
-	 * a space encodes to <code>%20</code>.
-	 * @param value the value to encode
-	 * @return the URL encoded value
-	 * @throws JspException if the character encoding is invalid
-	 */
-	protected String urlEncode(String value) throws JspException {
-		if (value == null) {
-			return null;
-		}
-		try {
-			String encoding = pageContext.getResponse().getCharacterEncoding();
-			return UriUtils.encode(value, encoding);
-		}
-		catch (UnsupportedEncodingException ex) {
-			throw new JspException(ex);
-		}
-	}
-
 	/**
 	 * Internal enum that classifies URLs by type.
 	 */

org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/tags/UrlTagTests.java

@@ -550,26 +550,6 @@ public void testCreateUrlWithParamAndExsistingQueryString()
 		assertEquals("url/path?foo=bar&name=value", uri);
 	}
 
-	public void testUrlEncode() throws JspException {
-		assertEquals("my%20name%2Bis", tag.urlEncode("my name+is"));
-	}
-	
-	public void testUrlEncodeNull() throws JspException {
-		assertNull(tag.urlEncode(null));
-	}
-
-	public void testUrlEncodeBadEncoding() {
-		context.getResponse().setCharacterEncoding("bad encoding");
-
-		try {
-			tag.urlEncode("my name");
-			fail("expected JspException");
-		}
-		catch (JspException e) {
-			// we want this
-		}
-	}
-
 	public void testJspWriterOutput() {
 		// TODO assert that the output to the JspWriter is the expected output
 	}

org.springframework.web/src/main/java/org/springframework/web/util/UriTemplate.java

@@ -25,6 +25,7 @@
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.io.UnsupportedEncodingException;
 
 import org.springframework.util.Assert;
 
@@ -175,48 +176,12 @@ public String toString() {
 
 	private static URI encodeUri(String uri) {
 		try {
-			int schemeIdx = uri.indexOf(':');
-			if (schemeIdx == -1) {
-				int queryIdx = uri.indexOf('?');
-				if (queryIdx == -1) {
-					int fragmentIdx = uri.indexOf('#');
-					if (fragmentIdx == -1) {
-						return new URI(null, null, uri, null);
-					}
-					else {
-						String path = uri.substring(0, fragmentIdx);
-						String fragment = uri.substring(fragmentIdx + 1);
-						return new URI(null, null, path, fragment);
-					}
-				}
-				else {
-					int fragmentIdx = uri.indexOf('#', queryIdx + 1);
-					if (fragmentIdx == -1) {
-						String path = uri.substring(0, queryIdx);
-						String query = uri.substring(queryIdx + 1);
-						return new URI(null, null, path, query, null);
-					}
-					else {
-						String path = uri.substring(0, queryIdx);
-						String query = uri.substring(queryIdx + 1, fragmentIdx);
-						String fragment = uri.substring(fragmentIdx + 1);
-						return new URI(null, null, path, query, fragment);
-					}
-				}
-			}
-			else {
-				int fragmentIdx = uri.indexOf('#', schemeIdx + 1);
-				String scheme = uri.substring(0, schemeIdx);
-				if (fragmentIdx == -1) {
-					String ssp = uri.substring(schemeIdx + 1);
-					return new URI(scheme, ssp, null);
-				}
-				else {
-					String ssp = uri.substring(schemeIdx + 1, fragmentIdx);
-					String fragment = uri.substring(fragmentIdx + 1);
-					return new URI(scheme, ssp, fragment);
-				}
-			}
+			String encoded = UriUtils.encodeUri(uri, "UTF-8");
+			return new URI(encoded);
+		}
+		catch (UnsupportedEncodingException ex) {
+			// should not happen, UTF-8 is always supported
+			throw new IllegalStateException(ex);
 		}
 		catch (URISyntaxException ex) {
 			throw new IllegalArgumentException("Could not create URI from [" + uri + "]: " + ex);