Defensive URL cleaning (preserving the original URL if possible)

Issue: SPR-17198
6 years ago · 6ef0938a92
parent c55a9072aa
commit 6ef0938a92
1 changed files with 10 additions and 8 deletions
--- a/spring-core/src/main/java/org/springframework/core/io/UrlResource.java
+++ b/spring-core/src/main/java/org/springframework/core/io/UrlResource.java
@ -141,18 +141,20 @@ public class UrlResource extends AbstractFileResolvingResource {
 	 * Determine a cleaned URL for the given original URL.
 	 * @param originalUrl the original URL
 	 * @param originalPath the original URL path
-	 * @return the cleaned URL
+	 * @return the cleaned URL (possibly the original URL as-is)
 	 * @see org.springframework.util.StringUtils#cleanPath
 	 */
 	private URL getCleanedUrl(URL originalUrl, String originalPath) {
-		try {
+		String cleanedPath = StringUtils.cleanPath(originalPath);
-			return new URL(StringUtils.cleanPath(originalPath));
+		if (!cleanedPath.equals(originalPath)) {
-		}
+			try {
-		catch (MalformedURLException ex) {
+				return new URL(cleanedPath);
-			// Cleaned URL path cannot be converted to URL
+			}
-			// -> take original URL.
+			catch (MalformedURLException ex) {
-			return originalUrl;
+				// Cleaned URL path cannot be converted to URL -> take original URL.
 			}
 		}
 		return originalUrl;
 	}
 	/**