Summary: | unsafe pipe character ("|") in Relationship target attribute is not being encoded into a '%7C' | ||
---|---|---|---|
Product: | POI | Reporter: | Richard Costine <rjc> |
Component: | OPC | Assignee: | POI Developers List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 4.1.1-FINAL | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | This is a possible patch against REL_4_1_1 to encode unsafe pipe characters and a change to unit tests to show that it works. |
Description
Richard Costine
2020-01-30 20:44:35 UTC
applied with https://svn.apache.org/repos/asf/poi/trunk@1873384 - thanks for the patch I'm not sure if adding this could potentially break anybody who is already expecting the "|" there to actually cause a failure. I suppose that we could have the code look at a System property - something like: -Dorg.apache.poi.openxml4.opc.safePipeInURI=true|false when true it would work like before, and when false it would encode into a "%7C". Something like this code would do it: private static boolean isUnsafe(int ch) { boolean safePipeInUri = true; // assume we will fail like before. try { // set this System property to false to make it not fail safePipeInUri = Boolean.parseBoolean(System.getProperty("org.apache.poi.openxml4.opc.safePipeInURI", "false")); } catch (Throwable t) { } // defaults to true if the property is not readable // safe pipe in URI, means that a "|" will fail like before return safePipeInUri ? (ch >= 0x80 || Character.isWhitespace(ch)) : (ch >= 0x80 || ch == 0x7C || Character.isWhitespace(ch)); } We don't typically support system properties. You've caught us in the middle of a release. If your patch is not the best behaviour for this code and only suits your use case, then we need to remove it. The RFC seems to suggest that we should the existing code had a bug but if this not the case, then I will revert the code. I think that the original patch I provided should be the correct behavior, since the RFC indicates that the pipe character is not considered "valid" in a url, and would normally be encoded with a "%7C". |