Ensure scheme not lowercased if URI variable

rstoyanchev · rstoyanchev · commit c261ca310241 · 2024-10-15T20:50:01.000+01:00
Closes gh-33699
diff --git a/spring-web/src/main/java/org/springframework/web/util/RfcUriParser.java b/spring-web/src/main/java/org/springframework/web/util/RfcUriParser.java
@@ -16,6 +16,7 @@
 
 package org.springframework.web.util;
 
+import java.util.Locale;
 import java.util.Set;
 
 import org.apache.commons.logging.Log;
@@ -508,7 +509,8 @@ public InternalParser resolveIfOpaque() {
 		}
 
 		public InternalParser captureScheme() {
-			this.scheme = captureComponent("scheme").toLowerCase();
+			String scheme = captureComponent("scheme");
+			this.scheme = (!scheme.startsWith("{") ? scheme.toLowerCase(Locale.ROOT) : scheme);
 			return this;
 		}
 
@@ -633,8 +635,11 @@ public boolean processCurlyBrackets(char c) {
 				return true;
 			}
 			else if (c == '}') {
-				this.openCurlyBracketCount--;
-				return true;
+				if (this.openCurlyBracketCount > 0) {
+					this.openCurlyBracketCount--;
+					return true;
+				}
+				return false;
 			}
 			return (this.openCurlyBracketCount > 0);
 		}
diff --git a/spring-web/src/main/java/org/springframework/web/util/WhatWgUrlParser.java b/spring-web/src/main/java/org/springframework/web/util/WhatWgUrlParser.java
@@ -235,7 +235,7 @@ private void setState(State newState) {
 			logger.trace("Changing state from " + this.state + " to " + newState + " (cur: " + c + ")");
 		}
 		this.state = newState;
-		this.openCurlyBracketCount = 0;
+		this.openCurlyBracketCount = (this.buffer.toString().equals("{") ? this.openCurlyBracketCount : 0);
 	}
 
 	private boolean processCurlyBrackets(int c) {
@@ -244,8 +244,11 @@ private boolean processCurlyBrackets(int c) {
 			return true;
 		}
 		if (c == '}') {
-			this.openCurlyBracketCount--;
-			return true;
+			if (this.openCurlyBracketCount > 0) {
+				this.openCurlyBracketCount--;
+				return true;
+			}
+			return false;
 		}
 		return (this.openCurlyBracketCount > 0 && c != EOF);
 	}
@@ -756,7 +759,7 @@ private enum State {
 			public void handle(int c, UrlRecord url, WhatWgUrlParser p) {
 				// If c is an ASCII alpha, append c, lowercased, to buffer, and set state to scheme state.
 				if (isAsciiAlpha(c)) {
-					p.append(Character.toLowerCase((char) c));
+					p.append(p.openCurlyBracketCount == 0 ? Character.toLowerCase((char) c) : c);
 					p.setState(SCHEME);
 				}
 				// EXTRA: if c is '{', append to buffer and continue as SCHEME
@@ -782,7 +785,7 @@ else if (p.stateOverride == null) {
 			public void handle(int c, UrlRecord url, WhatWgUrlParser p) {
 				// If c is an ASCII alphanumeric, U+002B (+), U+002D (-), or U+002E (.), append c, lowercased, to buffer.
 				if (isAsciiAlphaNumeric(c) || (c == '+' || c == '-' || c == '.')) {
-					p.append(Character.toLowerCase((char) c));
+					p.append(p.openCurlyBracketCount == 0 ? Character.toLowerCase((char) c) : c);
 				}
 				// Otherwise, if c is U+003A (:), then:
 				else if (c == ':') {
diff --git a/spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java b/spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java
@@ -629,6 +629,16 @@ void buildAndExpandOpaque(ParserType parserType) {
 		assertThat(result.toUriString()).isEqualTo("mailto:foo@example.com");
 	}
 
+	@ParameterizedTest // gh-33699
+	@EnumSource(value = ParserType.class)
+	void schemeVariableMixedCase(ParserType parserType) {
+		URI uri = UriComponentsBuilder
+				.fromUriString("{TheScheme}://example.org", parserType)
+				.buildAndExpand(Map.of("TheScheme", "ws"))
+				.toUri();
+		assertThat(uri.toString()).isEqualTo("ws://example.org");
+	}
+
 	@ParameterizedTest
 	@EnumSource(value = ParserType.class)
 	void queryParamWithValueWithEquals(ParserType parserType) {

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`
`17`	`17`	`package org.springframework.web.util;`
`18`	`18`
	`19`	`+import java.util.Locale;`
`19`	`20`	`import java.util.Set;`
`20`	`21`
`21`	`22`	`import org.apache.commons.logging.Log;`
`@@ -508,7 +509,8 @@ public InternalParser resolveIfOpaque() {`
`508`	`509`	`}`
`509`	`510`
`510`	`511`	`public InternalParser captureScheme() {`
`511`		`- this.scheme = captureComponent("scheme").toLowerCase();`
	`512`	`+ String scheme = captureComponent("scheme");`
	`513`	`+ this.scheme = (!scheme.startsWith("{") ? scheme.toLowerCase(Locale.ROOT) : scheme);`
`512`	`514`	`return this;`
`513`	`515`	`}`
`514`	`516`
`@@ -633,8 +635,11 @@ public boolean processCurlyBrackets(char c) {`
`633`	`635`	`return true;`
`634`	`636`	`}`
`635`	`637`	`else if (c == '}') {`
`636`		`- this.openCurlyBracketCount--;`
`637`		`- return true;`
	`638`	`+ if (this.openCurlyBracketCount > 0) {`
	`639`	`+ this.openCurlyBracketCount--;`
	`640`	`+ return true;`
	`641`	`+ }`
	`642`	`+ return false;`
`638`	`643`	`}`
`639`	`644`	`return (this.openCurlyBracketCount > 0);`
`640`	`645`	`}`
Original file line number	Diff line number	Diff line change
`@@ -235,7 +235,7 @@ private void setState(State newState) {`
`235`	`235`	`logger.trace("Changing state from " + this.state + " to " + newState + " (cur: " + c + ")");`
`236`	`236`	`}`
`237`	`237`	`this.state = newState;`
`238`		`- this.openCurlyBracketCount = 0;`
	`238`	`+ this.openCurlyBracketCount = (this.buffer.toString().equals("{") ? this.openCurlyBracketCount : 0);`
`239`	`239`	`}`
`240`	`240`
`241`	`241`	`private boolean processCurlyBrackets(int c) {`
`@@ -244,8 +244,11 @@ private boolean processCurlyBrackets(int c) {`
`244`	`244`	`return true;`
`245`	`245`	`}`
`246`	`246`	`if (c == '}') {`
`247`		`- this.openCurlyBracketCount--;`
`248`		`- return true;`
	`247`	`+ if (this.openCurlyBracketCount > 0) {`
	`248`	`+ this.openCurlyBracketCount--;`
	`249`	`+ return true;`
	`250`	`+ }`
	`251`	`+ return false;`
`249`	`252`	`}`
`250`	`253`	`return (this.openCurlyBracketCount > 0 && c != EOF);`
`251`	`254`	`}`
`@@ -756,7 +759,7 @@ private enum State {`
`756`	`759`	`public void handle(int c, UrlRecord url, WhatWgUrlParser p) {`
`757`	`760`	`// If c is an ASCII alpha, append c, lowercased, to buffer, and set state to scheme state.`
`758`	`761`	`if (isAsciiAlpha(c)) {`
`759`		`- p.append(Character.toLowerCase((char) c));`
	`762`	`+ p.append(p.openCurlyBracketCount == 0 ? Character.toLowerCase((char) c) : c);`
`760`	`763`	`p.setState(SCHEME);`
`761`	`764`	`}`
`762`	`765`	`// EXTRA: if c is '{', append to buffer and continue as SCHEME`
`@@ -782,7 +785,7 @@ else if (p.stateOverride == null) {`
`782`	`785`	`public void handle(int c, UrlRecord url, WhatWgUrlParser p) {`
`783`	`786`	`// If c is an ASCII alphanumeric, U+002B (+), U+002D (-), or U+002E (.), append c, lowercased, to buffer.`
`784`	`787`	`if (isAsciiAlphaNumeric(c) \|\| (c == '+' \|\| c == '-' \|\| c == '.')) {`
`785`		`- p.append(Character.toLowerCase((char) c));`
	`788`	`+ p.append(p.openCurlyBracketCount == 0 ? Character.toLowerCase((char) c) : c);`
`786`	`789`	`}`
`787`	`790`	`// Otherwise, if c is U+003A (:), then:`
`788`	`791`	`else if (c == ':') {`