marylinh / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Issue with decodeFromURL method in the DefaultEncoder #301

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
See sample code:
String orig = "http://abc.com?custno=75&product=ANLYZR1";
String esapiDecode = ESAPI.encoder().decodeFromURL(orig);
System.out.println("ESAPI decode 2: " + esapiDecode);

What is the expected output? What do you see instead?
I expect the same URL as the orig URL to be presented. Instead I see the following:
ESAPI decode 2: http://abc.com?custno=75?uct=ANLYZR1

Notice the &prod got dropped and became ?uct.

What version of the product are you using? On what operating system?
2.0.1 

Does this issue affect only a specified browser or set of browsers?
All browsers affected 

Please provide any additional information below.

What I have found: if I change product to pr8duct, I get the result &pr8duct.

I have narrowed it down to the canonicalize method, and especially the PercentCodec.

Original issue reported on code.google.com by vansu...@gmail.com on 10 Jun 2013 at 12:07
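
An added illustration, not code from the report or from ESAPI: the symptom is consistent with `&prod` being read as the HTML entity name `prod` (∏, U+220F) when a whole URL is run through a decoder, which would also explain why `&pr8duct` survives. That cause is an assumption; `lenientEntityDecode` is a hypothetical stand-in that models only this one entity, and `decodeQuery` is a JDK-only way to split the query first and decode each parameter on its own.

```java
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class QueryDecodeDemo {
    // Hypothetical stand-in for a lenient HTML entity decoder: it accepts a
    // named entity without the closing ';'. Only "prod" (U+220F) is modelled.
    static String lenientEntityDecode(String s) {
        return s.replaceAll("&prod;?", "\u220F");
    }

    // Split the raw query on '&' and '=' first, then percent-decode each name
    // and value separately, so a separator is never read as part of an entity.
    // A repeated parameter name keeps its last value in this simple map.
    static Map<String, String> decodeQuery(String rawQuery) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : rawQuery.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"),
                       URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        String orig = "http://abc.com?custno=75&product=ANLYZR1";    // URL from the report
        String changed = "http://abc.com?custno=75&pr8duct=ANLYZR1"; // reporter's variant

        // Whole-URL decoding: "&prod" is consumed as an entity, "&pr8duct" is not.
        System.out.println(lenientEntityDecode(orig));
        System.out.println(lenientEntityDecode(changed));

        // Per-parameter decoding keeps both parameter names intact.
        System.out.println(decodeQuery(orig.substring(orig.indexOf('?') + 1)));
        System.out.println(decodeQuery(changed.substring(changed.indexOf('?') + 1)));
    }
}
```

On a console that cannot render U+220F, the substituted character is typically shown as `?`.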