File tree 2 files changed +33
-24
lines changed
spring-webflux/src/main/java/org/springframework/web/reactive/resource
spring-webmvc/src/main/java/org/springframework/web/servlet/resource
2 files changed +33
-24
lines changed Original file line number Diff line number Diff line change @@ -152,24 +152,28 @@ public static boolean isInvalidPath(String path) {
152152
153153 private static boolean isInvalidEncodedPath (String path ) {
154154 if (path .contains ("%" )) {
155- try {
156- // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars
157- String decodedPath = URLDecoder .decode (path , StandardCharsets .UTF_8 );
158- if (isInvalidPath (decodedPath )) {
159- return true ;
160- }
161- decodedPath = normalizeInputPath (decodedPath );
162- if (isInvalidPath (decodedPath )) {
163- return true ;
164- }
155+ String decodedPath = decode (path );
156+ if (decodedPath .contains ("%" )) {
157+ decodedPath = decode (decodedPath );
165158 }
166- catch ( IllegalArgumentException ex ) {
167- // May not be possible to decode...
159+ if ( isInvalidPath ( decodedPath ) ) {
160+ return true ;
168161 }
162+ decodedPath = normalizeInputPath (decodedPath );
163+ return isInvalidPath (decodedPath );
169164 }
170165 return false ;
171166 }
172167
168+ private static String decode (String path ) {
169+ try {
170+ return URLDecoder .decode (path , StandardCharsets .UTF_8 );
171+ }
172+ catch (Exception ex ) {
173+ return "" ;
174+ }
175+ }
176+
173177 /**
174178 * Create a resource relative to the given {@link Resource}, also decoding
175179 * the resource path for a {@link UrlResource}.
Original file line number Diff line number Diff line change @@ -157,24 +157,29 @@ public static boolean isInvalidPath(String path) {
157157 */
158158 private static boolean isInvalidEncodedPath (String path ) {
159159 if (path .contains ("%" )) {
160- try {
161- // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars
162- String decodedPath = URLDecoder .decode (path , StandardCharsets .UTF_8 );
163- if (isInvalidPath (decodedPath )) {
164- return true ;
165- }
166- decodedPath = normalizeInputPath (decodedPath );
167- if (isInvalidPath (decodedPath )) {
168- return true ;
169- }
160+ String decodedPath = decode (path );
161+ if (decodedPath .contains ("%" )) {
162+ decodedPath = decode (decodedPath );
170163 }
171- catch ( IllegalArgumentException ex ) {
172- // May not be possible to decode...
164+ if ( isInvalidPath ( decodedPath ) ) {
165+ return true ;
173166 }
167+ decodedPath = normalizeInputPath (decodedPath );
168+ return isInvalidPath (decodedPath );
174169 }
175170 return false ;
176171 }
177172
173+ private static String decode (String path ) {
174+ try {
175+ return URLDecoder .decode (path , StandardCharsets .UTF_8 );
176+ }
177+ catch (Exception ex ) {
178+ return "" ;
179+ }
180+ }
181+
182+
178183 /**
179184 * Check whether the resource is under the given location.
180185 */
You can’t perform that action at this time.
0 commit comments