From 758ae98af2895641dd2643bfc0e459a228b6443d Mon Sep 17 00:00:00 2001
From: Brian Clozel
Date: Thu, 8 Oct 2015 11:05:51 +0200
Subject: [PATCH] Sanitize duplicate slashes in request path

This commit removes duplicate slashes in the resolved lookup path when calling `UrlPathHelper.getLookupPathForRequest`. This is especially necessary when the path is cleaned from semicolon content and leaves duplicate slashes in the request path.

Issue: SPR-13455
---
 .../springframework/web/util/UrlPathHelper.java | 1 +
 .../web/util/UrlPathHelperTests.java | 15 +++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/spring-web/src/main/java/org/springframework/web/util/UrlPathHelper.java b/spring-web/src/main/java/org/springframework/web/util/UrlPathHelper.java
index 64de2672cf5..5d0b207b72d 100644
--- a/spring-web/src/main/java/org/springframework/web/util/UrlPathHelper.java
+++ b/spring-web/src/main/java/org/springframework/web/util/UrlPathHelper.java
@@ -421,6 +421,7 @@ public class UrlPathHelper {
 private String decodeAndCleanUriString(HttpServletRequest request, String uri) {
 uri = removeSemicolonContent(uri);
 uri = decodeRequestString(request, uri);
+ uri = getSanitizedPath(uri);
 return uri;
 }
diff --git a/spring-web/src/test/java/org/springframework/web/util/UrlPathHelperTests.java b/spring-web/src/test/java/org/springframework/web/util/UrlPathHelperTests.java
index a18b154a196..a61ff32731e 100644
--- a/spring-web/src/test/java/org/springframework/web/util/UrlPathHelperTests.java
+++ b/spring-web/src/test/java/org/springframework/web/util/UrlPathHelperTests.java
@@ -121,6 +121,13 @@ public class UrlPathHelperTests {
 request.setRequestURI("/foo;f=F;o=O;o=O/bar;b=B;a=A;r=R");
 assertEquals("/foo/bar", helper.getRequestUri(request));
+
+ // SPR-13455
+
+ request.setServletPath("/foo/1");
+ request.setRequestURI("/foo/;test/1");
+
+ assertEquals("/foo/1", helper.getRequestUri(request));
 }
 @Test
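Review bot: In `decodeAndCleanUriString` the added `uri = getSanitizedPath(uri);` runs after semicolon stripping and decoding, and nothing on the line records why it has to come last. A short comment would help, for example `// collapse "//" last: stripping ";..." content and decoding may each leave duplicate slashes`. Because `getRequestUri` goes through this method (the test change in this patch asserts on it), the effect is wider than the `getLookupPathForRequest` named in the commit message. Any filter or access rule that matches on the un-normalized request URI should be checked against the same inputs, so that authorization and dispatch agree on the path. The method's Javadoc lies outside the hunk and presumably needs the same update.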
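Review bot: The new SPR-13455 case in `UrlPathHelperTests` covers only a single emptied segment (`/foo/;test/1`); a path in which two adjacent segments consist solely of semicolon content would leave three consecutive slashes, and that is not asserted. Adding `request.setRequestURI("/foo/;a/;b/1");` followed by `assertEquals("/foo/1", helper.getRequestUri(request));` would pin that the collapse repeats until no `//` remains, which is presumably what `getSanitizedPath` does (its body is not part of this patch). The enclosing test method starts outside the hunk.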
@@ -204,20 +211,20 @@ public class UrlPathHelperTests {
 assertEquals("/foo/", helper.getLookupPathForRequest(request));
 }
- //SPR-12372
+ //SPR-12372 & SPR-13455
 @Test
- public void defaultServletEndingWithDoubleSlash() throws Exception {
+ public void removeDuplicateSlashesInPath() throws Exception {
 request.setContextPath("/SPR-12372");
 request.setPathInfo(null);
 request.setServletPath("/foo/bar/");
 request.setRequestURI("/SPR-12372/foo//bar/");
- assertEquals("/foo//bar/", helper.getLookupPathForRequest(request));
+ assertEquals("/foo/bar/", helper.getLookupPathForRequest(request));
 request.setServletPath("/foo/bar/");
 request.setRequestURI("/SPR-12372/foo/bar//");
- assertEquals("/foo/bar//", helper.getLookupPathForRequest(request));
+ assertEquals("/foo/bar/", helper.getLookupPathForRequest(request));
 // "normal" case
 request.setServletPath("/foo/bar//");
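Review bot: The `// "normal" case` at the end of `removeDuplicateSlashesInPath` still sets a servlet path of `/foo/bar//`, and its assertion lies outside the hunk, so it is not visible whether that case is expected to collapse like the two above it. If the container-supplied servlet path is compared as-is against the now-sanitized request URI, the outcome depends on which side carries the duplicate slash. Once confirmed, that is worth stating next to the case, e.g. `// servlet path comes from the container unchanged; only the request URI is sanitized`. The header comment `//SPR-12372 & SPR-13455` could likewise say which behaviour is pinned rather than only listing issue ids.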