Including a percentage symbol (%) in a dr "message" makes the server fails

Hi!

I've found that if I try to create a DR event through the API with a message containing the percentage symbol then it fails with HTTP 500 code and the following stack trace.

Unhandled error:
java.lang.RuntimeException: Error decoding request body.
at com.ecobee.webapp.security.ApiRequestUtil.parseRequestBody(ApiRequestUtil.java:305)
at com.ecobee.webapp.security.ApiRequestUtil.createApiRequest(ApiRequestUtil.java:207)
at com.ecobee.webapp.servlet.ApiServlet.createApiRequest(ApiServlet.java:99)
at com.ecobee.webapp.servlet.ApiServlet.doPost(ApiServlet.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.ecobee.webapp.servlet.PathExcludingFilter.doFilter(PathExcludingFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.ecobee.webapp.servlet.PathExcludingFilter.doFilter(PathExcludingFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at com.ecobee.webapp.security.filter.SecurityTokenFilter.doFilter(SecurityTokenFilter.java:137)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:380)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: " i"
at java.net.URLDecoder.decode(URLDecoder.java:192)
at com.ecobee.webapp.security.ApiRequestUtil.parseRequestBody(ApiRequestUtil.java:298)
... 48 more

Here's a sample request:

curl -g -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" -X POST -d '{ "operation":"create", "demandResponse":{ "name":"220022", "message":"This is a Message with a percentage symbol % in it", "event":{ "dutyCyclePercentage":33, "coolHoldTemp" : 60, "heatHoldTemp" : 70, "name":"220022","type":"demandResponse","startDate":"2015-02-05","endDate":"2015-02-05","startTime":"19:00:50","endTime":"19:35:32","isTemperatureRelative":false,"isTemperatureAbsolute":false}},"selection":{"selectionType":"thermostats", "selectionMatch":"227429571728,227407420738" }}' https://beta.ecobee.com/home/api/1/de...

Should we be escaping characters within the json string in any way ?

Thanks

Regards
1 person has
this problem
+1
Reply