Author: chris.laprun(a)jboss.com Date: 2009-04-02 13:50:29 -0400 (Thu, 02 Apr 2009) New Revision: 13120 Modified: branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/test/wsrp/other/WSRPPortletURLTestCase.java branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/WSRPPortletURL.java Log: - JBPORTAL-2355: + Do no use &amp; in URLs anymore, use &. + Now throws an exception in case a doubly encoded & is ever detected again (so that we can detect them better) + Adapted test to change of behavior. Modified: branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/test/wsrp/other/WSRPPortletURLTestCase.java =================================================================== --- branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/test/wsrp/other/WSRPPortletURLTestCase.java 2009-04-02 17:46:59 UTC (rev 13119) +++ branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/test/wsrp/other/WSRPPortletURLTestCase.java 2009-04-02 17:50:29 UTC (rev 13120) @@ -101,11 +101,15 @@ public void testDoublyEncodedAmpersand() { String expected = "wsrp_rewrite?wsrp-urlType=render&amp;amp;wsrp-mode=wsrp:help&amp;amp;wsrp-windowState=wsrp:maximized/wsrp_rewrite"; - WSRPPortletURL url = WSRPPortletURL.create(expected); - - assertTrue(url instanceof WSRPRenderURL); - assertEquals(Mode.HELP, url.getMode()); - assertEquals(WindowState.MAXIMIZED, url.getWindowState()); + try + { + WSRPPortletURL.create(expected); + fail("Should have thrown an exception on doubly encoded &!"); + } + catch (Exception e) + { + // expected + } } /** Relax validation and test that we now accept normally invalid URLs. */ Modified: branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/WSRPPortletURL.java =================================================================== --- branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/WSRPPortletURL.java 2009-04-02 17:46:59 UTC (rev 13119) +++ branches/JBoss_Portal_Branch_2_7/wsrp/src/main/org/jboss/portal/wsrp/WSRPPortletURL.java 2009-04-02 17:50:29 UTC (rev 13120) @@ -51,19 +51,21 @@ private static final Logger log = Logger.getLogger(WSRPPortletURL.class); private static final String EQUALS = "="; + private static final String ENCODED_AMPERSAND = "&amp;"; private static final String AMPERSAND = "&"; + private static final String AMP_AMP = "&amp;amp;"; + private static final String PARAM_SEPARATOR = "|"; - private static final int URL_TYPE_END = WSRPRewritingConstants.URL_TYPE_NAME.length() + EQUALS.length(); private boolean secure; + private Mode mode; private WindowState windowState; /** Are we using strict rewriting parameters validation mode? */ private static boolean strict = true; - /** Holds extra parameters if we are in relaxed validation mode */ private Map<String, String> extraParams; /** Remember position of extra parameters wrt end token */ @@ -174,6 +176,10 @@ } // standardize parameter separators + if (encodedURL.contains(AMP_AMP)) + { + throw new IllegalArgumentException(encodedURL + " contains a doubly encoded &!"); + } encodedURL = Tools.replace(encodedURL, ENCODED_AMPERSAND, PARAM_SEPARATOR); encodedURL = Tools.replace(encodedURL, AMPERSAND, PARAM_SEPARATOR);