Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

decodeFromURL fails with various keywords

Description

Mailing List: https://dev.lucee.org/t/decodefromurl-fails-with-various-keywords/12392

TryCF: https://trycf.com/gist/43b5b0b5ea6bb6d0266d540c0eedf9cb/lucee5?theme=monokai

<cfscript> posTestURL = "https://test.example/api/v1/index.html?uname=tester&lanu=en&prm123=test"; negTestURL = "https://test.example/api/v1/index.html?uname=tester&lang=en&param1=test"; try{ enc = encodeForURL( posTestURL ); writeDump( var = enc, label = "Encoded posTestURL" ); dec = decodeFromURL( enc ); writeDump( var = dec, label = "Decoded posTestURL" ); enc = encodeForURL( negTestURL ); writeDump( var = enc, label = "Encoded negTestURL" ); dec = decodeFromURL( enc ); writeDump( var = dec, label = "Decoded negTestURL" ); } catch ( any error ) { writeDump( var = error, label = "Exception" ); } </cfscript>

Environment

None

Activity

Show:

Michael Offner 16 October 2024 at 08:37

i can trigger this already with this dump(decodeFromURL( "%3Fu%3Dt%26lang%3Den" ));, problem is the “lang“. The encoded string is created by esapi itself, it should not fail decode it’s own string.

Not really sure what we can do here, there is no addional setting we can do with the library to avoid this, we will update to the latest version of the library.

Zac Spitzer 8 June 2023 at 20:14

Pothys - MitrahSoft 30 March 2023 at 15:15

I added a testcase to this ticket

Pull Request:https://github.com/lucee/Lucee/pull/1994

Details

Assignee

Reporter

Priority

Labels

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Created 29 March 2023 at 15:01
Updated 16 October 2024 at 13:57

Flag notifications