url string encoding on re-directs


url string encoding on re-directs

Si Chen-2
Hi.

I just noticed that in the request handler, when you redirect  
requests in a request chain or on a request-redirect, it is not  
filtering out special characters, so you can get a URL like this:

151307 (http-0.0.0.0-8443-Processor3) [     RequestHandler.java:505:INFO ] [Sending redirect]: /crmsfa/control/viewAccount?postalCode=89&attnName=&preContactMechTypeId=POSTAL_ADDRESS&address2=&address1=#123
&countryGeoId=USA&donePage=viewAccount&allowSolicitation=&toName=&city=la&contactMechTypeId=POSTAL_ADDRESS&partyId=DemoAccount1&stateProvinceGeoId=BR-AC

That "#" in the middle will break your URL.

I tracked down the responsible code to here in RequestHandler.java:

    private void callRedirect(String url, HttpServletResponse resp, HttpServletRequest req) throws RequestHandlerException {
        if (Debug.infoOn()) Debug.logInfo("[Sending redirect]: " + url, module);

Should I change it to clean out the URL first, based on this: http://www.blooberry.com/indexdot/html/topics/urlencoding.htm?  It seems like space and ampersand are already taken care of.

Should I put that into the UtilHttp method?

Si

Re: url string encoding on re-directs

David E Jones-2

This is a can of worms. I wouldn't recommend passing so much information in a redirect URL, not ever.

A couple of big problems come to mind right off:

- HTTP URLs are not UTF-8 encoded, or anything i18n friendly encoding, just good old 8859-1 (if I remember right); so including full data in them will always be problematic

- encoding a URL can't be done if all you have is the full URL string; if you have a Map that will go into the parameter string of a URL then you can encode each name/value independently, but by definition the parsing of a full URL is impossible... otherwise encoding wouldn't be needed... ;)

-David


Si Chen wrote:

> Hi.
>
> I just noticed that in the request handler, when you redirect requests
> in a request chain or on a request-redirect, it is not filtering out
> special characters, so you can get a URL like this:
>
> 151307 (http-0.0.0.0-8443-Processor3) [     RequestHandler.java:505:INFO
> ] [Sending redirect]:
> /crmsfa/control/viewAccount?postalCode=89&attnName=&preContactMechTypeId=POSTAL_ADDRESS&address2=&address1=#123
> &countryGeoId=USA&donePage=viewAccount&allowSolicitation=&toName=&city=la&contactMechTypeId=POSTAL_ADDRESS&partyId=DemoAccount1&stateProvinceGeoId=BR-AC
>
>
> That "#" in the middle will break your URL.
>
> I tracked down the responsible code to here in RequestHandler.java:
>
>    private void callRedirect(String url, HttpServletResponse resp,
> HttpServletRequest req) throws RequestHandlerException {
>         if (Debug.infoOn()) Debug.logInfo("[Sending redirect]: " + url,
> module);
>
> Should I change it to clean out the URL first, based on this:
> http://www.blooberry.com/indexdot/html/topics/urlencoding.htm?  It seems
> like space and ampersand are already taken care of.
>
> Should I put that into the UtilHttp method?
>
> Si

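The point made in the reply above, as an added example that is not part of either message and is not OFBiz code: a redirect target built from a Map can have each name and value percent-encoded independently, while a URL that is already one string cannot be repaired because "#" and "&" in data are indistinguishable from delimiters. The class and method names are hypothetical, the sample values are constructed, and UTF-8 is an assumption that must match the charset the receiving container decodes with.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class RedirectQueryExample {

    // Hypothetical helper: encode every name and value on its own, then join.
    // Delimiters ("?", "&", "=") are added only after the data has been encoded.
    static String buildRedirectUrl(String path, Map<String, String> params) {
        StringJoiner query = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            String value = e.getValue() == null ? "" : e.getValue();
            query.add(encode(e.getKey()) + "=" + encode(value));
        }
        return query.length() == 0 ? path : path + "?" + query;
    }

    static String encode(String s) {
        // Assumption: UTF-8; use whatever charset the target decodes parameters with.
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample parameters, modelled on the log line in the post.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("address1", "#123");
        params.put("address2", null);
        params.put("toName", "A & B=C");
        params.put("partyId", "DemoAccount1");

        String path = "/crmsfa/control/viewAccount";
        String safe = buildRedirectUrl(path, params);
        System.out.println("encoded per pair : " + safe);

        // The same data concatenated without encoding: everything after "#"
        // is parsed as a fragment, so the later parameters leave the query.
        URI naive = URI.create(path + "?address1=#123&partyId=DemoAccount1");
        System.out.println("naive query      : " + naive.getQuery());
        System.out.println("naive fragment   : " + naive.getFragment());

        // The per-pair encoded form keeps all parameters inside the query.
        URI parsed = URI.create(safe);
        System.out.println("encoded query    : " + parsed.getRawQuery());
        System.out.println("encoded fragment : " + parsed.getFragment());
    }
}
```

Because a browser does not send the fragment to the server, the parameters after an unencoded "#" never reach the redirected request at all.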