Calling canonicalize() with an empty string returns NULL

Description

If you call the canonicalize() function and pass-in an empty-string, the return value is NULL. The canonicalize() page - https://docs.lucee.org/reference/functions/canonicalize.html - states nothing about this behaviour. The docs state that a String is the return value and ACF returns a string.

See demonstration of behaviour: https://www.bennadel.com/blog/3556-calling-canonicalize-on-an-empty-string-returns-null-in-lucee-5-2-9-31.htm

Linked work items

relates to

LD-122

Calling canonicalize() with an empty string returns NULL.

Activity

Michael Offner
3 January 2019 at 10:47

i could not accept the PR from @Andrew Dixon directly, because that function is no longer in the core in Lucee 5.3, but i did adapt his change to the esapi extension that now holds this function
https://github.com/lucee/extension-esapi/commit/8f4d5fb0bf60ccae68adb8fc55603d79796ae79b

Andrew Dixon
3 January 2019 at 10:17

@Michael Offner - There is inconsistency here already as:

https://github.com/lucee/Lucee/blob/master/core/src/main/java/lucee/runtime/functions/owasp/ESAPIEncode.java#L149

returns "null" but:

https://github.com/lucee/Lucee/blob/master/core/src/main/java/lucee/runtime/functions/owasp/ESAPIEncode.java#L56

returns the passed in "item".

The `encode` function on line #55 is the function that is called by the `canonicalize` function on line #148, so without line #149, it would have returned the "item" anyway.

Michael Offner
3 January 2019 at 10:11

Lucee is returning null not by accident, it returns null explicitly in this case. So that is a decision made in the past for some reason i don't know, so before simply accept the pull i have to investigate first.

Andrew Dixon
2 January 2019 at 00:19

@Michael Offner - Pull request submitted for this - https://github.com/lucee/Lucee/pull/622

Resize issue view side panel

Fixed

Details

Assignee

Michael Offner

Reporter

Andrew Dixon

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

None

Fix versions

ESAPI 2.1.0.17

5.3.2.34

Affects versions

5.2.9.31

Priority

New

Created 2 January 2019 at 00:01

Updated 18 March 2019 at 16:38

Resolved 8 March 2019 at 07:45