Loading src/main/java/it/inaf/oats/vospace/datamodel/NodeUtils.java +2 −2 Original line number Diff line number Diff line Loading @@ -18,7 +18,7 @@ public class NodeUtils { * characters are allowed. Front end needs to pay attention to other allowed * characters like & and parenthesis in any case, also to avoid XSS attacks. */ private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'*") + "]"); private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|/'`*") + "]"); /** * Slash is a special character in defining REST endpoints and trying to Loading Loading @@ -54,7 +54,7 @@ public class NodeUtils { public static String urlEncodePath(String path) { String[] parts = path.split("/"); return String.join("/", Arrays.stream(parts) .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8)) .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8).replace("+", "%20")) .collect(Collectors.toList())); } Loading src/test/java/it/inaf/oats/vospace/datamodel/NodeUtilsTest.java +8 −3 Original line number Diff line number Diff line Loading @@ -16,15 +16,15 @@ public class NodeUtilsTest { @Test public void testGetPathWithSpacesFromRequestURLString() { String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4.pdf"; assertEquals("/a/b/c d ä.pdf", NodeUtils.getPathFromRequestURLString(requestUrl)); String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4+%2B.pdf"; assertEquals("/a/b/c d ä +.pdf", NodeUtils.getPathFromRequestURLString(requestUrl)); } @Test public void testEncodePathSpecialChars() { String specialChars = "ä è#+ /other/+-ò@"; assertEquals("%C3%A4+%C3%A8%23%2B+/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars)); assertEquals("%C3%A4%20%C3%A8%23%2B%20/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars)); } @Test Loading @@ -42,6 +42,11 @@ public class NodeUtilsTest { testIllegalChars("\"'.pdf"); } @Test public void testIllegalSlashEncoded() { testIllegalChars("%2F.pdf"); } private void testIllegalChars(String illegalString) { boolean exception = false; try { Loading Loading
src/main/java/it/inaf/oats/vospace/datamodel/NodeUtils.java +2 −2 Original line number Diff line number Diff line Loading @@ -18,7 +18,7 @@ public class NodeUtils { * characters are allowed. Front end needs to pay attention to other allowed * characters like & and parenthesis in any case, also to avoid XSS attacks. */ private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|'*") + "]"); private static final Pattern FORBIDDEN_CHARS = Pattern.compile("[\\x00\\x08\\x0B\\x0C\\x0E-\\x1F" + Pattern.quote("<>?\":\\|/'`*") + "]"); /** * Slash is a special character in defining REST endpoints and trying to Loading Loading @@ -54,7 +54,7 @@ public class NodeUtils { public static String urlEncodePath(String path) { String[] parts = path.split("/"); return String.join("/", Arrays.stream(parts) .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8)) .map(p -> URLEncoder.encode(p, StandardCharsets.UTF_8).replace("+", "%20")) .collect(Collectors.toList())); } Loading
src/test/java/it/inaf/oats/vospace/datamodel/NodeUtilsTest.java +8 −3 Original line number Diff line number Diff line Loading @@ -16,15 +16,15 @@ public class NodeUtilsTest { @Test public void testGetPathWithSpacesFromRequestURLString() { String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4.pdf"; assertEquals("/a/b/c d ä.pdf", NodeUtils.getPathFromRequestURLString(requestUrl)); String requestUrl = "http://localhost/vospace/nodes/a/b/c%20d%20%C3%A4+%2B.pdf"; assertEquals("/a/b/c d ä +.pdf", NodeUtils.getPathFromRequestURLString(requestUrl)); } @Test public void testEncodePathSpecialChars() { String specialChars = "ä è#+ /other/+-ò@"; assertEquals("%C3%A4+%C3%A8%23%2B+/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars)); assertEquals("%C3%A4%20%C3%A8%23%2B%20/other/%2B-%C3%B2%40", NodeUtils.urlEncodePath(specialChars)); } @Test Loading @@ -42,6 +42,11 @@ public class NodeUtilsTest { testIllegalChars("\"'.pdf"); } @Test public void testIllegalSlashEncoded() { testIllegalChars("%2F.pdf"); } private void testIllegalChars(String illegalString) { boolean exception = false; try { Loading
