From 99406b961fa996d830a88570c4fa895fa3639d35 Mon Sep 17 00:00:00 2001
From: Risto Lahtela <24460436+Rsl1122@users.noreply.github.com>
Date: Wed, 13 May 2020 10:23:11 +0300
Subject: [PATCH] Manually decode URI parameters
Affects issues: - Fixed #1444
---
 .../plan/delivery/web/resolver/request/URIQuery.java | 12 +++++++++++-
 .../plan/delivery/webserver/RequestHandler.java | 4 ++--
 .../src/main/resources/assets/plan/web/login.html | 2 +-
 .../src/main/resources/assets/plan/web/register.html | 4 ++--
 4 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/URIQuery.java b/Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/URIQuery.java
index 161f17c77..9b9f72dde 100644
--- a/Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/URIQuery.java
+++ b/Plan/api/src/main/java/com/djrapitops/plan/delivery/web/resolver/request/URIQuery.java
@@ -18,6 +18,9 @@ package com.djrapitops.plan.delivery.web.resolver.request;
 import org.apache.commons.lang3.StringUtils;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -53,7 +56,14 @@ public final class URIQuery {
 }
 String[] keyAndValue = StringUtils.split(kv, "=", 2);
 if (keyAndValue.length >= 2) {
- parameters.put(keyAndValue[0], keyAndValue[1]);
+ try {
+ parameters.put(
+ URLDecoder.decode(keyAndValue[0], StandardCharsets.UTF_8.name()),
+ URLDecoder.decode(keyAndValue[1], StandardCharsets.UTF_8.name())
+ );
+ } catch (UnsupportedEncodingException e) {
+ // If UTF-8 is unsupported, we have bigger problems
+ }
 }
 }
 return parameters;
diff --git a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java
index adb4a7f57..7753e1884 100644
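Review bot: `URLDecoder.decode` in the added `try` block can throw an unchecked `IllegalArgumentException` on a malformed escape such as a lone `%`, and only `UnsupportedEncodingException` is caught, so one bad pair in the raw query aborts parsing of the whole query instead of being skipped. Because the string now arrives undecoded from the request URI, that input is fully client-controlled; whether a caller higher up handles the exception is not visible in this hunk. Widening the handler to `} catch (UnsupportedEncodingException | IllegalArgumentException e) {` with a comment such as `// Skip pairs that are not valid percent-encoding` keeps the remaining parameters usable. Note also that `URLDecoder` applies form-encoding rules and turns a literal `+` into a space. The enclosing method starts and ends outside the hunk.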
--- a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java
+++ b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java
@@ -64,7 +64,7 @@ public class RequestHandler implements HttpHandler {
 private final PluginLogger logger;
 private final ErrorHandler errorHandler;
- private PassBruteForceGuard bruteForceGuard;
+ private final PassBruteForceGuard bruteForceGuard;
 @Inject
 RequestHandler(
@@ -146,7 +146,7 @@ public class RequestHandler implements HttpHandler {
 private Request buildRequest(HttpExchange exchange) {
 String requestMethod = exchange.getRequestMethod();
 URIPath path = new URIPath(exchange.getRequestURI().getPath());
- URIQuery query = new URIQuery(exchange.getRequestURI().getQuery());
+ URIQuery query = new URIQuery(exchange.getRequestURI().getRawQuery());
 WebUser user = getWebUser(exchange);
 Map headers = getRequestHeaders(exchange);
 return new Request(requestMethod, path, query, user, headers);
diff --git a/Plan/common/src/main/resources/assets/plan/web/login.html b/Plan/common/src/main/resources/assets/plan/web/login.html
index 856c98fc6..03f230a26 100644
--- a/Plan/common/src/main/resources/assets/plan/web/login.html
+++ b/Plan/common/src/main/resources/assets/plan/web/login.html
@@ -203,7 +203,7 @@
 if (!password || password.length < 1) {
 return displayError('You need to specify a Password');
 }
- jsonRequest(`./auth/login?user=${encodeURI(user)}&password=${encodeURI(password)}`, (json, error) => {
+ jsonRequest(`./auth/login?user=${encodeURIComponent(user)}&password=${encodeURIComponent(password)}`, (json, error) => {
 if (error) {
 if (error.includes("HTTP 403")) {
 location.reload();
diff --git a/Plan/common/src/main/resources/assets/plan/web/register.html b/Plan/common/src/main/resources/assets/plan/web/register.html
index 2d7e16973..adc2ef908 100644
--- a/Plan/common/src/main/resources/assets/plan/web/register.html
+++ b/Plan/common/src/main/resources/assets/plan/web/register.html
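Review bot: Nothing at the `new URIQuery(...)` call in `buildRequest` records that the query has to stay percent-encoded until URIQuery has split it, so a later cleanup could switch back to `getQuery()` and let an encoded separator inside a value be read as a delimiter again. A one-line comment above the call would do, for example `// Raw query on purpose: URIQuery splits first and decodes each key and value itself`. Any other caller that hands URIQuery an already-decoded string would now be decoded twice; no such caller is visible here, so that is worth a quick search. `buildRequest` ends outside the hunk.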
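Review bot: The password is still sent in the query string of `./auth/login?user=...&password=...`, so after this change it is encoded correctly but remains part of the request URL, where it can end up in browser history, proxy logs and any server-side request logging (whether this server logs request URIs is not visible here). Sending the credentials in a POST body or a request header would keep them out of the URL; that needs a matching server-side change, so it is likely a follow-up rather than part of this patch. The same applies to the `./auth/register?user=...&password=...` call in the second register.html hunk.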
@@ -191,7 +191,7 @@
 }
 function checkIfRegistered(code) {
- jsonRequest(`./auth/register?code=${encodeURI(code)}`, (json, error) => {
+ jsonRequest(`./auth/register?code=${encodeURIComponent(code)}`, (json, error) => {
 if (error) {
 displayError('Checking registration status failed: ' + error)
 }
@@ -216,7 +216,7 @@
 if (!password || password.length < 1) {
 return displayError('You need to specify a Password');
 }
- jsonRequest(`./auth/register?user=${encodeURI(user)}&password=${encodeURI(password)}`, (json, error) => {
+ jsonRequest(`./auth/register?user=${encodeURIComponent(user)}&password=${encodeURIComponent(password)}`, (json, error) => {
 if (error) {
 return displayError('Registration failed: ' + error);
 }