Mantis - Resin
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
5382 minor always 02-26-13 13:53 09-11-14 11:15
Reporter: alex Platform:  
Assigned To: ferg OS:  
Priority: normal OS Version:  
Status: closed Product Version: 4.0.35  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version: 4.0.41  
Summary: 0005382: web-tier / app-tier url encoding / decoding fidelity
Description: actual request: 'a %20 x % ( ) &.html'

direct request\
curl 'http://localhost:8082/qa/a%20%2520%20x%20%25%20(%20)%20%26.html' [^]
server: app-0
request-uri : /qa/a%20%2520%20x%20%25%20(%20)%20%26.html
request-url : http://localhost:8082/qa/a%20%2520%20x%20%25%20(%20)%20%26.html [^]
servlet-path:
path-info : /a %20 x % ( ) &.html

\direct request

lb-request\
curl 'http://localhost:9080/qa/a%20%2520%20x%20%25%20(%20)%20%26.html' [^]
server: app-0
request-uri : /qa/a%20%20%20x%20%%20(%20)%20&.html
request-url : http://localhost:9080/qa/a%20%20%20x%20%%20(%20)%20&.html [^]
servlet-path:
path-info : /a x &65533;) &.html

\lb-request

base64 decode from the additional information string to get the actual data if Mantis breaks my submit.
Steps To Reproduce:
Additional Information: c2VydmVyOiAgICAgICBhcHAtMApyZXF1ZXN0LXVyaSA6IC9xYS9hJTIwJTI1MjAlMjB4JTIwJTI1JTIwKCUyMCklMjAlMjYuaHRtbApyZXF1ZXN0LXVybCA6IGh0dHA6Ly9sb2NhbGhvc3Q6ODA4Mi9xYS9hJTIwJTI1MjAlMjB4JTIwJTI1JTIwKCUyMCklMjAlMjYuaHRtbApzZXJ2bGV0LXBhdGg6IApwYXRoLWluZm8gICA6IC9hICUyMCB4ICUgKCApICYuaHRtbAoKc2VydmVyOiAgICAgICBhcHAtMApyZXF1ZXN0LXVyaSA6IC9xYS9hJTIwJTIwJTIweCUyMCUlMjAoJTIwKSUyMCYuaHRtbApyZXF1ZXN0LXVybCA6IGh0dHA6Ly9sb2NhbGhvc3Q6OTA4MC9xYS9hJTIwJTIwJTIweCUyMCUlMjAoJTIwKSUyMCYuaHRtbApzZXJ2bGV0LXBhdGg6IApwYXRoLWluZm8gICA6IC9hICAgeCDvv70pICYuaHRtbAoK
Relationships
Attached Files:

Notes
(0006200)
alex   
02-26-13 13:53   
Original suport request:
rep by Andrew Foong
currently resin 4.0.35 url encoding works.

when I curl the following urls:
1. http://stage3.efinancedirectory.com/articles/Housing_Bubble_Analysis%3A_Interview_with_Global_Economic_Trend_Analysis_(Mish).html [^]
2. http://stage3.efinancedirectory.com/articles/Housing_Bubble_Analysis%3A_Interview_with_Global_Economic_Trend_Analysis_%28Mish%29.html [^]
3. http://stage3.efinancedirectory.com/articles/Housing_Bubble_Analysis%3A_Interview_with_Global_Economic_Trend_Analysis_(Mish%29.html [^]

which results in completely decoded output when the request makes it from the load-balancer to the app-tier:

[13-02-26 12:05:09.555] {resin-port-localhost:6802-453} 64.71.26.18 1313ms http://stage3.efinancedirectory.com/articles/Housing_Bubble_Analysis:_Interview_with_Global_Economic_Trend_Analysis_(Mish).html [^]


Spaces however do not have the same output on the app-tier (probably because spaces are required to be encoded as %20)

curling this:
1. http://stage3.education-portal.com/article_directory/q_p/page/A%20-%20C/q_p/Articles_about_Career_Planning.html [^]

results in:

[13-02-26 12:06:02.679] {resin-port-localhost:6802-1766} 64.71.26.18 1549ms http://stage3.education-portal.com/article_directory/q_p/page/A%20-%20C/q_p/Articles_about_Career_Planning.html [^]

%'s are like spaces, but we would expect them to not be..

hitting this:
http://stage3.efinancedirectory.com/articles/study_says_63%_of_u.s._housing_markets_are_overvalued.html [^]

results in:
[13-02-26 12:07:41.788] {resin-port-localhost:6802-1935} 64.71.26.18 168ms http://stage3.efinancedirectory.com/articles/study_says_63ưu.s._housing_markets_are_overvalued.html [^]

hitting this:
http://stage3.efinancedirectory.com/articles/study_says_63%25_of_u.s._housing_markets_are_overvalued.html [^]

results in an error on our side we receive the uri as: "http://stage3.efinancedirectory.com/articles/study_says_63%_of_u.s._housing_markets_are_overvalued.html" [^]

our question is this:

how did a valid url in the browser, go through the load balancer, to the app-tier and end up as an invalid uri?
(0006515)
ferg   
09-11-14 11:15   
Same issue as 0005785.