[FIXED JENKINS-42390] Search results were not correctly encoding URL query parameters

5d920577 · Stephen Connolly · 01d79315 · 5d920577 · 5d920577
2 changed file
--- a/core/src/main/java/hudson/search/Search.java
+++ b/core/src/main/java/hudson/search/Search.java
@@ -29,6 +29,8 @@ import hudson.Util;
 import hudson.util.EditDistance;

 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
 import java.util.AbstractList;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -40,6 +42,8 @@ import java.util.logging.Logger;

 import javax.servlet.ServletException;

+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.stapler.Ancestor;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
@@ -60,6 +64,11 @@ import org.kohsuke.stapler.export.Flavor;
 * @see SearchableModelObject
 */
 public class Search {
+    @Restricted(NoExternalUse.class) // used from stapler views only
+    public static String encodeQuery(String query) throws UnsupportedEncodingException {
+        return URLEncoder.encode(query, "UTF-8");
+    }
+
    public void doIndex(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
        List<Ancestor> l = req.getAncestors();
        for( int i=l.size()-1; i>=0; i-- ) {

--- a/core/src/main/resources/hudson/search/Search/search-failed.jelly
+++ b/core/src/main/resources/hudson/search/Search/search-failed.jelly
@@ -43,13 +43,13 @@ THE SOFTWARE.
          <ol>
            <j:forEach var="i" items="${items}">
              <li id="item_${i.path}">
-                <a href="?q=${i.path}">${i.path}</a>
+                <a href="?q=${it.encodeQuery(i.path)}">${i.path}</a>
              </li>
            </j:forEach>
          </ol>
            <j:if test="${items.hasMoreResults()}">
                <j:set var="max" value="${request.hasParameter('max')?request.getParameter('max'):20}"/>
-                <em>result has been truncated, <a href="?q=${q}&amp;max=${max+20}">see 20 more</a></em>
+                <em>result has been truncated, <a href="?q=${it.encodeQuery(q)}&amp;max=${max+20}">see 20 more</a></em>
            </j:if>
        </j:otherwise>
      </j:choose>