intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

URLCanonicalizer.getCanonicalURL produces URIs "half" decoded #630

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Steps to reproduce the issue:
1. Run ZAP;
2. Access a site which contains characters that are outside of the allowed set in the path and in the query (example: "http://example/ç/?p=ç");
3. Run the spider against the site;
4. Note that the request to "http://example.com/ç/?p=ç" is done with the query component percent-encoded twice, "http://example.com/%C3%A7/?a=%25C3%25A7" instead of "http://example/%C3%A7/?a=%C3%A7".

Remarks:
The issue happens when both the path and query components have characters that are outside of the allowed set.
URLCanonicalizer.getCanonicalURL always returns the path decoded, whereas the query is always percent-encoded. If the path component contains "decoded" characters, the whole URI is considered decoded, thus the query component will be percent-encoded again.

ZAP Version:
Version 2.0.0.

Original issue reported on code.google.com by THC...@gmail.com on 15 Apr 2013 at 4:21
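
The behaviour described in the report, modelled as an added example (not ZAP's code and not the fix committed for this issue). All function names are hypothetical, the sample URL is constructed from the report's example, and Python's `urllib.parse` stands in for ZAP's Java URI handling.

```python
import re
from urllib.parse import quote, unquote, urlsplit, urlunsplit

# Constructed sample: the report's example URL ("\u00e7" is the c-cedilla).
SAMPLE = "http://example/\u00e7/?p=\u00e7"

def _rebuild(url, path_fn, query_fn):
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, path_fn(p.path), query_fn(p.query), ""))

def canonical_half_decoded(url):
    """Model of the reported output: path decoded, query percent-encoded."""
    return _rebuild(url, unquote, lambda q: quote(q, safe="=&%"))

def canonical_consistent(url):
    """Both components encoded; existing %XX escapes are kept, so it is idempotent."""
    return _rebuild(url, lambda s: quote(s, safe="/%"),
                    lambda q: quote(q, safe="=&%"))

def encode_if_decoded(uri):
    """Model of the consumer: one encoded/decoded decision for the whole URI."""
    if not any(ord(c) > 127 or c == " " for c in uri):
        return uri  # looks fully encoded, sent as-is
    # Treated as decoded: '%' is taken literally and becomes %25.
    return _rebuild(uri, lambda s: quote(s, safe="/"),
                    lambda q: quote(q, safe="=&"))

# Heuristic regression check for spider request logs: an escaped '%' followed
# by two hex digits. A literal "%C3" in a value also matches, so review hits.
_DOUBLE = re.compile(r"%25[0-9A-Fa-f]{2}")

def looks_double_encoded(uri):
    return bool(_DOUBLE.search(uri))

if __name__ == "__main__":
    for canon in (canonical_half_decoded, canonical_consistent):
        sent = encode_if_decoded(canon(SAMPLE))
        print(canon.__name__, sent, looks_double_encoded(sent))
```

A scanner that double-encodes a parameter sends a different value than the one the application linked to, so the affected pages are crawled and tested with the wrong input.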

GoogleCodeExporter commented 9 years ago

Original comment by THC...@gmail.com on 2 Jul 2013 at 3:20

GoogleCodeExporter commented 9 years ago
r3263
https://code.google.com/p/zaproxy-test/source/detail?r=88

Original comment by THC...@gmail.com on 2 Jul 2013 at 3:28

GoogleCodeExporter commented 9 years ago

Original comment by psii...@gmail.com on 8 Jul 2013 at 9:08

GoogleCodeExporter commented 9 years ago

Original comment by psii...@gmail.com on 11 Sep 2013 at 5:14