Changeset 7710


Ignore:
Timestamp:
May 20, 2019, 9:11:18 AM (2 years ago)
Author:
Nicklas Nordborg
Message:

Fixes #2179: HTTP Status 400 - Bad request when logging in

Fixed in the HTML.urlEncode() function which only encoded a few specific characters. We now forward the encoding to the built-in java.net.URLEncoder implementation.

Also fixed a incorrect calls to HTML.encodeTags() in the login code.

Location:
branches/3.15-stable
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.15-stable/src/clients/web/net/sf/basedb/clients/web/util/HTML.java

    r7243 r7710  
    2323package net.sf.basedb.clients.web.util;
    2424
     25import java.net.URLEncoder;
     26import java.nio.charset.StandardCharsets;
    2527import java.util.regex.*;
    2628
     
    338340
    339341  /**
    340     Encode URL-unsafe characters in a string. Replaces
    341     % with %25, + with %2B, space with +, # with %23 and & with %26.
     342    Encode URL-unsafe characters in a string.
     343    See {@link URLEncoder} for more information.
    342344    @param in The string to encode
    343345    @return The encoded string, or an empty string if NULL was passed
     
    346348  {
    347349    if (in == null) return "";
    348     in = PERCENT.matcher(in).replaceAll("%25");
    349     in = PLUS.matcher(in).replaceAll("%2B");
    350     in = SPACE.matcher(in).replaceAll("+");
    351     in = HASH.matcher(in).replaceAll("%23");
    352     in = AMPERSAND.matcher(in).replaceAll("%26");
    353     return in;
     350    return URLEncoder.encode(in, StandardCharsets.UTF_8);
    354351  }
    355352 
  • branches/3.15-stable/www/login.jsp

    r7605 r7710  
    214214    if (errorMessage != null)
    215215    {
    216       response.sendRedirect(root+"main.jsp?ID="+ID+"&again=1&login="+HTML.urlEncode(login)+"&loginForm="+HTML.encodeTags(loginForm)+"&error="+HTML.urlEncode(errorMessage));
     216      response.sendRedirect(root+"main.jsp?ID="+ID+"&again=1&login="+HTML.urlEncode(login)+"&loginForm="+HTML.urlEncode(loginForm)+"&error="+HTML.urlEncode(errorMessage));
    217217    }
    218218    else
     
    233233    if (errorMessage != null)
    234234    {
    235       response.sendRedirect(root+"main.jsp?ID="+ID+"&login="+HTML.urlEncode(login)+"&loginForm="+HTML.encodeTags(loginForm)+"&error="+HTML.urlEncode(errorMessage));
     235      response.sendRedirect(root+"main.jsp?ID="+ID+"&login="+HTML.urlEncode(login)+"&loginForm="+HTML.urlEncode(loginForm)+"&error="+HTML.urlEncode(errorMessage));
    236236    }
    237237    else
Note: See TracChangeset for help on using the changeset viewer.