(camel) branch camel-4.10.x updated: fix(components/jetty-common): don't use user provided character encoding

Fri, 14 Feb 2025 02:02:20 -0800 

This is an automated email from the ASF dual-hosted git repository.

pcongiusti pushed a commit to branch camel-4.10.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-4.10.x by this push:
     new 95e2e3adfaa fix(components/jetty-common): don't use user provided 
character encoding
95e2e3adfaa is described below

commit 95e2e3adfaa19a17416a8c21d05bda527820b479
Author: Pasquale Congiusti <pasquale.congiu...@gmail.com>
AuthorDate: Thu Feb 13 16:57:37 2025 +0100

    fix(components/jetty-common): don't use user provided character encoding
    
    For security reasons
---
 .../apache/camel/component/jetty/CamelContinuationServlet.java    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git 
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
 
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index 9a0020b661b..51c2ee23f14 100644
--- 
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++ 
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -33,12 +33,12 @@ import org.apache.camel.AsyncCallback;
 import org.apache.camel.CamelException;
 import org.apache.camel.Exchange;
 import org.apache.camel.ExchangePattern;
+import org.apache.camel.ExchangePropertyKey;
 import org.apache.camel.Message;
 import org.apache.camel.http.common.CamelServlet;
 import org.apache.camel.http.common.HttpCommonEndpoint;
 import org.apache.camel.http.common.HttpConstants;
 import org.apache.camel.http.common.HttpConsumer;
-import org.apache.camel.http.common.HttpHelper;
 import org.apache.camel.http.common.HttpMessage;
 import org.apache.camel.spi.UnitOfWork;
 import org.apache.camel.support.ObjectHelper;
@@ -200,8 +200,10 @@ public class CamelContinuationServlet extends CamelServlet 
{
                 exchange.setProperty(Exchange.DISABLE_HTTP_STREAM_CACHE, 
Boolean.TRUE);
             }
 
-            HttpHelper.setCharsetFromContentType(request.getContentType(), 
exchange);
-
+            String charset = request.getCharacterEncoding();
+            if (charset != null) {
+                exchange.setProperty(ExchangePropertyKey.CHARSET_NAME, 
charset);
+            }
             // reuse existing http message if pooled
             Message msg = exchange.getIn();
             if (msg instanceof HttpMessage) {

Reply via email to