Skip to content

Commit

Permalink
Decode static resource path with UriUtils
Browse files Browse the repository at this point in the history
  • Loading branch information
rstoyanchev committed Nov 12, 2024
1 parent 9dabfdf commit cbe2f36
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 24 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -196,23 +196,23 @@ public static boolean isInvalidPath(String path) {
}

private static boolean isInvalidEncodedPath(String path) {
if (path.contains("%")) {
String decodedPath = decode(path);
if (decodedPath.contains("%")) {
decodedPath = decode(decodedPath);
}
if (isInvalidPath(decodedPath)) {
return true;
}
decodedPath = normalizeInputPath(decodedPath);
return isInvalidPath(decodedPath);
String decodedPath = decode(path);
if (decodedPath.contains("%")) {
decodedPath = decode(decodedPath);
}
return false;
if (!StringUtils.hasText(decodedPath)) {
return true;
}
if (isInvalidPath(decodedPath)) {
return true;
}
decodedPath = normalizeInputPath(decodedPath);
return isInvalidPath(decodedPath);
}

private static String decode(String path) {
try {
return URLDecoder.decode(path, StandardCharsets.UTF_8);
return UriUtils.decode(path, StandardCharsets.UTF_8);
}
catch (Exception ex) {
return "";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.ServletContextResource;
import org.springframework.web.util.UriUtils;

/**
* Resource handling utility methods to share common logic between
Expand Down Expand Up @@ -201,23 +202,23 @@ public static boolean isInvalidPath(String path) {
* @return {@code true} if the path is invalid, {@code false} otherwise
*/
private static boolean isInvalidEncodedPath(String path) {
if (path.contains("%")) {
String decodedPath = decode(path);
if (decodedPath.contains("%")) {
decodedPath = decode(decodedPath);
}
if (isInvalidPath(decodedPath)) {
return true;
}
decodedPath = normalizeInputPath(decodedPath);
return isInvalidPath(decodedPath);
String decodedPath = decode(path);
if (decodedPath.contains("%")) {
decodedPath = decode(decodedPath);
}
return false;
if (!StringUtils.hasText(decodedPath)) {
return true;
}
if (isInvalidPath(decodedPath)) {
return true;
}
decodedPath = normalizeInputPath(decodedPath);
return isInvalidPath(decodedPath);
}

private static String decode(String path) {
try {
return URLDecoder.decode(path, StandardCharsets.UTF_8);
return UriUtils.decode(path, StandardCharsets.UTF_8);
}
catch (Exception ex) {
return "";
Expand Down

0 comments on commit cbe2f36

Please sign in to comment.