diff --git a/spring-webflux/src/main/java/org/springframework/web/reactive/function/server/PathResourceLookupFunction.java b/spring-webflux/src/main/java/org/springframework/web/reactive/function/server/PathResourceLookupFunction.java index 06e4f88971ba..de5d4fa742b5 100644 --- a/spring-webflux/src/main/java/org/springframework/web/reactive/function/server/PathResourceLookupFunction.java +++ b/spring-webflux/src/main/java/org/springframework/web/reactive/function/server/PathResourceLookupFunction.java @@ -18,6 +18,7 @@ import java.io.IOException; import java.io.UncheckedIOException; +import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.nio.charset.StandardCharsets; import java.util.function.Function; @@ -169,7 +170,7 @@ private boolean isInvalidEncodedInputPath(String path) { if (path.contains("%")) { try { // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars - String decodedPath = URLDecoder.decode(path, StandardCharsets.UTF_8); + String decodedPath = URLDecoder.decode(path, "UTF-8"); if (isInvalidPath(decodedPath)) { return true; } @@ -178,7 +179,7 @@ private boolean isInvalidEncodedInputPath(String path) { return true; } } - catch (IllegalArgumentException ex) { + catch (IllegalArgumentException | UnsupportedEncodingException ex) { // May not be possible to decode... } } @@ -217,12 +218,12 @@ private boolean isInvalidEncodedResourcePath(String resourcePath) { if (resourcePath.contains("%")) { // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars... try { - String decodedPath = URLDecoder.decode(resourcePath, StandardCharsets.UTF_8); + String decodedPath = URLDecoder.decode(resourcePath, "UTF-8"); if (decodedPath.contains("../") || decodedPath.contains("..\\")) { return true; } } - catch (IllegalArgumentException ex) { + catch (IllegalArgumentException | UnsupportedEncodingException ex) { // May not be possible to decode... } } diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/function/PathResourceLookupFunction.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/function/PathResourceLookupFunction.java index 84691a595924..b61f0bf519a3 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/function/PathResourceLookupFunction.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/function/PathResourceLookupFunction.java @@ -18,8 +18,8 @@ import java.io.IOException; import java.io.UncheckedIOException; +import java.io.UnsupportedEncodingException; import java.net.URLDecoder; -import java.nio.charset.StandardCharsets; import java.util.Optional; import java.util.function.Function; @@ -72,7 +72,7 @@ public Optional apply(ServerRequest request) { return Optional.empty(); } if (!(this.location instanceof UrlResource)) { - path = UriUtils.decode(path, StandardCharsets.UTF_8); + path = UriUtils.decode(path, "UTF-8"); } try { @@ -161,7 +161,7 @@ private boolean isInvalidEncodedInputPath(String path) { if (path.contains("%")) { try { // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars - String decodedPath = URLDecoder.decode(path, StandardCharsets.UTF_8); + String decodedPath = URLDecoder.decode(path, "UTF-8"); if (isInvalidPath(decodedPath)) { return true; } @@ -170,7 +170,7 @@ private boolean isInvalidEncodedInputPath(String path) { return true; } } - catch (IllegalArgumentException ex) { + catch (IllegalArgumentException | UnsupportedEncodingException ex) { // May not be possible to decode... } } @@ -193,7 +193,8 @@ else if (resource instanceof ClassPathResource) { resourcePath = ((ClassPathResource) resource).getPath(); locationPath = StringUtils.cleanPath(((ClassPathResource) this.location).getPath()); } - else if (resource instanceof ServletContextResource servletContextResource) { + else if (resource instanceof ServletContextResource) { + ServletContextResource servletContextResource = (ServletContextResource) resource; resourcePath = servletContextResource.getPath(); locationPath = StringUtils.cleanPath(((ServletContextResource) this.location).getPath()); } @@ -213,12 +214,12 @@ private boolean isInvalidEncodedResourcePath(String resourcePath) { if (resourcePath.contains("%")) { // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars... try { - String decodedPath = URLDecoder.decode(resourcePath, StandardCharsets.UTF_8); + String decodedPath = URLDecoder.decode(resourcePath, "UTF-8"); if (decodedPath.contains("../") || decodedPath.contains("..\\")) { return true; } } - catch (IllegalArgumentException ex) { + catch (IllegalArgumentException | UnsupportedEncodingException ex) { // May not be possible to decode... } }