DefaultFlashMapManager does not support URLs with multiple parameter values [SPR-8798] #13440

spring-projects-issues · 2011-10-24T04:12:26Z

Andrea opened SPR-8798 and commented

org.springframework.web.servlet.support.DefaultFlashMapManager does not support URLs with multiple parameter values. Consider the following annotated methods that performs a redirect after a POST:

@RequestMapping(value="/test/", method = RequestMethod.POST)
public String testRedirect(HttpServletRequest request, RedirectAttributes redirectAttrs) {
    redirectAttrs.addAttribute("id1", 10);
    redirectAttrs.addAttribute("id2", 20);
    redirectAttrs.addFlashAttribute("message", "Hallo World");
    return "redirect:/?id={id1}&id={id2}";
}

After the /test/ method is executed, the browser is redirected to the /?id=10&id=20 URL.

When DefaultFlashMapManager tries to match the FlashMap object in the session with the URL, it always fails since it just supports one value for parameter. In this case, it would not match the path since it would think 20 is not a valid value for parameter id.

This is the current code in 3.1 RC:

/**

Whether the given FlashMap matches the current request.
The default implementation uses the target request path and query params
saved in the FlashMap.
*/protected boolean isFlashMapForRequest(FlashMap flashMap, HttpServletRequest request) {if (flashMap.getTargetRequestPath() != null) {String requestUri = this.urlPathHelper.getRequestUri(request);if (!requestUri.equals(flashMap.getTargetRequestPath())
&& !requestUri.equals(flashMap.getTargetRequestPath() + "/")) {return false;
}
}
MultiValueMap<String, String> params = flashMap.getTargetRequestParams();for (String key : params.keySet()) {for (String value : params.get(key)) {if (!value.equals(request.getParameter(key))) {return false;
}
}
}return true;
}

The code should iterate through all values for a given parameter in the request before rejecting it:

protected boolean isFlashMapForRequest(FlashMap flashMap, HttpServletRequest request) {
if (flashMap.getTargetRequestPath() != null) {
String requestUri = this.urlPathHelper.getRequestUri(request);
if (!requestUri.equals(flashMap.getTargetRequestPath())
&& !requestUri.equals(flashMap.getTargetRequestPath() + "/")) {
return false;
}
}
MultiValueMap<String, String> params = flashMap.getTargetRequestParams();
for (String key : params.keySet()) {
// FIX FROM HERE... String requestValues[] = request.getParameterValues(key);
if (requestValues == null || requestValues.length == 0) {
return false;
}

    for (String value : params.get(key)) {
        boolean contains = false;
        for (String requestValue : requestValues) {
            if (value.equals(requestValue)) {
                contains = true;
                break;
            }
        }
        if (!contains) {
            return false;
        }
    }
    // ...TO HERE    }
return true;

}

Affects: 3.1 RC1

The text was updated successfully, but these errors were encountered:

spring-projects-issues · 2011-10-31T06:26:09Z

Rossen Stoyanchev commented

Good point.

spring-projects-issues closed this as completed Jun 19, 2012

spring-projects-issues added type: bug A general bug in: web Issues in web modules (web, webmvc, webflux, websocket) labels Jan 11, 2019

spring-projects-issues added this to the 3.1 RC2 milestone Jan 11, 2019

spring-projects-issues assigned rstoyanchev Jan 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DefaultFlashMapManager does not support URLs with multiple parameter values [SPR-8798] #13440

DefaultFlashMapManager does not support URLs with multiple parameter values [SPR-8798] #13440

spring-projects-issues commented Oct 24, 2011

spring-projects-issues commented Oct 31, 2011

DefaultFlashMapManager does not support URLs with multiple parameter values [SPR-8798] #13440

DefaultFlashMapManager does not support URLs with multiple parameter values [SPR-8798] #13440

Comments

spring-projects-issues commented Oct 24, 2011

spring-projects-issues commented Oct 31, 2011