[Building Sakai] Fixing Validate.encodeUrl?`

Jim Eng jimeng at umich.edu
Sat Feb 13 06:17:26 PST 2010 

The non-standard ways of escaping resource names turned out to be a  
bad idea.  This became evident as soon as webdav was implemented  
within Sakai, but it should have been evident earlier.  Unfortunately  
there was already lots of code in Sakai that relied on the old  
escaping mechanisms, and nobody ever came up with a way to solve the  
problem without breaking things elsewhere.  The right answer would  
probably have been to eliminate the escape routines that break webdav  
and simultaneously run a database conversion to generate new resource- 
id's for everything in Content Hosting.  And that alone might not  
solve the problem.

Jim


On Feb 13, 2010, at 4:48 AM, David Horwitz wrote:

> Hi Jim,
>
> Thanks for the feedback. FYI what I've been doing under my maintenance
> team hat is working through the list of bugs relating to handling  
> files
> with odd characters in them (see SAK-17980 for a collection) Many of
> these have been fixed by escaping the resource URL's in the kernel,
> however a few remain like SAK-16412. In all cases I'm adding unit  
> tests
> to the kernel to test saving and retrieving these files.
>
> The SAK-16412 problem (files saved in webdav with a ' or " in the  
> title)
> actually seems to be a issue with Validator.escapeResourceName(String)
> as this changes the ' to _ (and will do so for any reserved
> characters).  This is always going to cause problems for dav which
> expects CHS to behave like a file system. I'm now wondering if we  
> still
> need to be this strict on escaping now that we escape the urls?
>
> David
>
>
>> David,
>>
>> It seems to me that this issue comes up about once a year, but the
>> last time it was discussed may have been just a few months ago.  If I
>> recall correctly, previous attempts to fix this in the way you  
>> suggest
>> caused other problems, and the changes had to be backed out.  Maybe
>> I'm confusing this with some other method(s).
>>
>> Since this method is deprecated, maybe it would make more sense to  
>> use
>> some other method in places where this causes a problem, rather than
>> changing this method and risking that you will be causing some other
>> part of the code to stop working as expected.
>>
>> I'm not defending the implementation of this method.  I'm just
>> suggesting that because it is used (or was used at one time) in many
>> places throughout sakai, it would be hard to test whether your
>> proposed change had dire side effects.  Seems like it would be better
>> to use URLEncoder.encode(url, "utf8") directly in the places where
>> Validator.escapeUrl(str) causes a problem.
>>
>> Jim
>>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org 
>  with a subject of "unsubscribe"
>
>

More information about the sakai-dev mailing list