文章封面图片链接包含空格时，`${thumbnail.gen(cover, 's')}` 报错

wan92hen commented 1 month ago

系统信息

外部访问地址: https://2a1e-14-155-63-83.ngrok-free.app
启动时间: 2024-09-23 13:42
版本: 2.19.3
构建时间: 2024-09-10 17:46
Git Commit: b6ec7b9
Java: IBM Semeru Runtime Open Edition / 21.0.4+7-LTS
数据库: PostgreSQL / 15.4 (Debian 15.4-2.pgdg120+1)
操作系统: Linux / 5.15.153.1-microsoft-standard-WSL2
已激活主题: Theme Joe3 1.4.0
已启动插件:
- 豆瓣 1.2.1
- 对象存储（Amazon S3 协议） 1.11.0
- 代码注入 1.0.0-SNAPSHOT
- MaxKB 小助手 1.1.3
- 代码注入增强插件 1.0.0-SNAPSHOT
- 编辑器超链接卡片 1.0.3
- Data Studio（数据工厂） 1.0.0-alpha.2
- 插件快速开始模板 1.0.0-SNAPSHOT
- 静态网页服务 1.0.0-alpha.1
- Docsme 1.0.0-alpha.7
- SEO 工具集 1.0.6
- 联系表单 1.0.2
- Reflect Halo 微信小程序配套插件 1.0.0-SNAPSHOT
- 应用市场 1.5.0
- 社交 IAM 认证 1.0.2-SNAPSHOT
- AI 助手 1.0.0
- 文章限制阅读 Pro 1.4.0-beta.2
- Markdown / HTML 内容块 1.0.1
- WangEditor 1.0.0
- 微信公众号发布 1.1.2-SNAPSHOT
- 站点迁移 1.2.0-SNAPSHOT
- StackEdit 1.1.1
- ByteMD 1.4.0
- 图库管理 1.3.0
- 链接管理 1.3.3
- LDAP 认证 1.0.0-SNAPSHOT
- Sitemap 1.1.2
- Unsplash 1.0.0
- reveal.js 幻灯片编辑器 1.0.0-rc.1
- 瞬间 1.5.1
- OAuth2 认证 1.1.0
- RSS 1.1.1
- 评论组件 2.4.0
- 搜索组件 1.5.0
- highlight.js 代码高亮 1.2.2

使用的哪种方式运行？

Docker

发生了什么？

文章封面使用包含空格的图片链接时，主题模板通过 ${thumbnail.gen(cover, 's')} 方法配置响应式图片时报错。

复现步骤

安装并使用适配了文章封面响应式图片的主题，例如 Theme Joe3 1.4.0
准备一个名字包含空格的图片文件，例如 PixPin (1).png
上传该图片到附件列表
设置文章封面，从附件库选择该图片时，最终 url 进行了编码处理 /upload/test/PixPin%20(1).png，此时访问主题页面正常
设置文章封面时手动输入图片链接 /upload/test/PixPin (1).png，此时访问主题页面报错

相关日志输出

Caused by: org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "thumbnail.gen(cover, 's')" (template: "modules/macro/post_item" - line 26, col 15)
        at org.thymeleaf.spring6.expression.SPELVariableExpressionEvaluator.evaluate(SPELVariableExpressionEvaluator.java:292) ~[thymeleaf-spring6-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at run.halo.app.theme.ReactiveSpelVariableExpressionEvaluator.evaluate(ReactiveSpelVariableExpressionEvaluator.java:29) ~[classes/:2.19.3]
        at org.thymeleaf.standard.expression.VariableExpression.executeVariableExpression(VariableExpression.java:166) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.SimpleExpression.executeSimple(SimpleExpression.java:66) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:109) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.AdditionExpression.executeAddition(AdditionExpression.java:89) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.ComplexExpression.executeComplex(ComplexExpression.java:62) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:112) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.expression.Expression.execute(Expression.java:138) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.processor.StandardDefaultAttributesTagProcessor.processDefaultAttribute(StandardDefaultAttributesTagProcessor.java:165) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.processor.StandardDefaultAttributesTagProcessor.process(StandardDefaultAttributesTagProcessor.java:98) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.util.ProcessorConfigurationUtils$ElementTagProcessorWrapper.process(ProcessorConfigurationUtils.java:633) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.ProcessorTemplateHandler.handleStandaloneElement(ProcessorTemplateHandler.java:918) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.StandaloneElementTag.beHandled(StandaloneElementTag.java:228) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.ProcessorTemplateHandler.handleStandaloneElement(ProcessorTemplateHandler.java:1204) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.StandaloneElementTag.beHandled(StandaloneElementTag.java:228) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.Model.process(Model.java:290) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.IteratedGatheringModelProcessable.processIterationModel(IteratedGatheringModelProcessable.java:368) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.IteratedGatheringModelProcessable.process(IteratedGatheringModelProcessable.java:294) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.ProcessorTemplateHandler.handleCloseElement(ProcessorTemplateHandler.java:1640) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.CloseElementTag.beHandled(CloseElementTag.java:139) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.ProcessorTemplateHandler.handleOpenElement(ProcessorTemplateHandler.java:1587) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.OpenElementTag.beHandled(OpenElementTag.java:205) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.Model.process(Model.java:282) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.ProcessorTemplateHandler.handleOpenElement(ProcessorTemplateHandler.java:1587) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.engine.TemplateHandlerAdapterMarkupHandler.handleOpenElementEnd(TemplateHandlerAdapterMarkupHandler.java:304) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.templateparser.markup.InlinedOutputExpressionMarkupHandler$InlineMarkupAdapterPreProcessorHandler.handleOpenElementEnd(InlinedOutputExpressionMarkupHandler.java:278) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.standard.inline.OutputExpressionInlinePreProcessorHandler.handleOpenElementEnd(OutputExpressionInlinePreProcessorHandler.java:186) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.thymeleaf.templateparser.markup.InlinedOutputExpressionMarkupHandler.handleOpenElementEnd(InlinedOutputExpressionMarkupHandler.java:124) ~[thymeleaf-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        at org.attoparser.HtmlElement.handleOpenElementEnd(HtmlElement.java:109) ~[attoparser-2.0.7.RELEASE.jar:2.0.7.RELEASE]
        at org.attoparser.HtmlMarkupHandler.handleOpenElementEnd(HtmlMarkupHandler.java:297) ~[attoparser-2.0.7.RELEASE.jar:2.0.7.RELEASE]
        at org.attoparser.MarkupEventProcessorHandler.handleOpenElementEnd(MarkupEventProcessorHandler.java:402) ~[attoparser-2.0.7.RELEASE.jar:2.0.7.RELEASE]
        at org.attoparser.ParsingElementMarkupUtil.parseOpenElement(ParsingElementMarkupUtil.java:159) ~[attoparser-2.0.7.RELEASE.jar:2.0.7.RELEASE]
        at org.attoparser.MarkupParser.parseBuffer(MarkupParser.java:710) ~[attoparser-2.0.7.RELEASE.jar:2.0.7.RELEASE]
        at org.attoparser.MarkupParser.parseDocument(MarkupParser.java:301) ~[attoparser-2.0.7.RELEASE.jar:2.0.7.RELEASE]
        ... 17 common frames omitted
Caused by: java.lang.IllegalArgumentException: Illegal character in path at index 19: /upload/test/PixPin (1).png
        at java.base/java.net.URI.create(Unknown Source) ~[na:na]
        at run.halo.app.theme.finders.impl.ThumbnailFinderImpl.gen(ThumbnailFinderImpl.java:18) ~[classes/:2.19.3]
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Unknown Source) ~[na:na]
        at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[na:na]
        at org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:142) ~[spring-expression-6.1.12.jar:6.1.12]
        at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:125) ~[spring-expression-6.1.12.jar:6.1.12]
        at org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:401) ~[spring-expression-6.1.12.jar:6.1.12]
        at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:97) ~[spring-expression-6.1.12.jar:6.1.12]
        at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:114) ~[spring-expression-6.1.12.jar:6.1.12]
        at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:338) ~[spring-expression-6.1.12.jar:6.1.12]
        at org.thymeleaf.spring6.expression.SPELVariableExpressionEvaluator.evaluate(SPELVariableExpressionEvaluator.java:265) ~[thymeleaf-spring6-3.1.2.RELEASE.jar:3.1.2.RELEASE]
        ... 72 common frames omitted
Caused by: java.net.URISyntaxException: Illegal character in path at index 19: /upload/test/PixPin (1).png
        at java.base/java.net.URI$Parser.fail(Unknown Source) ~[na:na]
        at java.base/java.net.URI$Parser.checkChars(Unknown Source) ~[na:na]
        at java.base/java.net.URI$Parser.parseHierarchical(Unknown Source) ~[na:na]
        at java.base/java.net.URI$Parser.parse(Unknown Source) ~[na:na]
        at java.base/java.net.URI.<init>(Unknown Source) ~[na:na]
        ... 83 common frames omitted

附加信息

No response

guqing commented 1 month ago

/ping @halo-dev/sig-halo-console

是否在 console 处理一下参数

ruibaby commented 1 month ago

/ping @halo-dev/sig-halo-console

是否在 console 处理一下参数

怎么处理？监听输入然后 url encode 吗，不是特别推荐。

设置文章封面时手动输入图片链接 /upload/test/PixPin (1).png，此时访问主题页面报错

什么情况下手动输入的呢？我尝试在附件详情中复制链接，也是 url encode 处理了的。

guqing commented 1 month ago

/ping @halo-dev/sig-halo-console 是否在 console 处理一下参数

怎么处理？监听输入然后 url encode 吗，不是特别推荐。

提交数据的时候 encode 一下，有空格如果不编码实际上是属于校验问题，但是又不能让用户手动处理编码的事情，参数不是 URI 传递到后端无法创建 URI 对象

ruibaby commented 1 month ago

提交数据的时候 encode 一下

有不少地方都可能输入链接，前端无法很好的判断是否需要 encode，并且如果用户是从附件库选择，这个时候已经 encode 过了，如何判断是否需要 encode。

guqing commented 1 month ago

提交数据的时候 encode 一下

有不少地方都可能输入链接，前端无法很好的判断是否需要 encode，并且如果用户是从附件库选择，这个时候已经 encode 过了，如何判断是否需要 encode。

我将处理 thumbnail.gen 方法忽略非法参数避免主题报错

halo-dev / halo