From f9a462b81946e288b8dce776702bb90e44a648b0 Mon Sep 17 00:00:00 2001
From: ausmith
Date: Fri, 15 Jan 2016 14:34:57 -0500
Subject: [PATCH] Specially handle encoded ampersands in query string If you receive a query string with an encoded ampersand and then follow the decode and re-encode model to remove invalid query string parameters, you end up with a no longer encoded ampersand, breaking the query string. Example: Valid query string: ?keywords="Mine+%26+Yours" When decoded and re-encoded, looks like: ?keywords=%22Mine%20&%20Yours%22 There are now 2 query params instead of 1 because of the ampersand. This change now maintains the ampersand encoding: ?keywords=%22Mine%20%26%20Yours%22
---
 .../route/SimpleHostRoutingFilter.groovy | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/zuul-simple-webapp/src/main/groovy/filters/route/SimpleHostRoutingFilter.groovy b/zuul-simple-webapp/src/main/groovy/filters/route/SimpleHostRoutingFilter.groovy
index 68b4a4eae3..d73055ba8a 100644
--- a/zuul-simple-webapp/src/main/groovy/filters/route/SimpleHostRoutingFilter.groovy
+++ b/zuul-simple-webapp/src/main/groovy/filters/route/SimpleHostRoutingFilter.groovy
@@ -258,8 +258,24 @@ class SimpleHostRoutingFilter extends ZuulFilter {
 return ""
 }
- String decodedQueryString = URLDecoder.decode(currentQueryString, encoding)
- return new URI(null, null, null, decodedQueryString, null).toString()
+ String rebuiltQueryString = ""
+ for (String keyPair : currentQueryString.split("&")) {
+ if (rebuiltQueryString.length() > 0) {
+ rebuiltQueryString = rebuiltQueryString + "&"
+ }
+ def (name,value) = keyPair.split("=", 2)
+ if (value != null) {
+ value = URLDecoder.decode(value, encoding)
+ value = new URI(null, null, null, value, null).toString().substring(1)
+ value = value.replaceAll('&', '%26')
+ rebuiltQueryString = rebuiltQueryString + name + "=" + value
+ } else {
+ name = URLDecoder.decode(name, encoding)
+ value = new URI(null, null, null, value, null).toString().substring(1)
+ rebuiltQueryString = rebuiltQueryString + value
+ }
+ }
+ return "?" + rebuiltQueryString
 }
 HttpHost getHttpHost() {
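Review bot: In the `else` branch (a key-only parameter, where `value` is null) the code decodes `name` but then passes the still-null `value` to `new URI(...)`; with a null query component the URI string is presumably empty, so `.substring(1)` would throw, and a request carrying `?flag` or an empty segment such as `a=1&&b=2` would fail inside the filter instead of being routed. That line looks like it was meant to be `value = new URI(null, null, null, name, null).toString().substring(1).replaceAll('&', '%26')`. Separately, only `&` is restored after decoding: `URLDecoder.decode` turns `%2B` into `+` and the URI constructor leaves a literal `+` alone, so the origin likely reads a space where the client sent a plus, and in the first branch `name` is forwarded without the same decode/re-encode treatment, which lets the gateway and the origin disagree about what a parameter contains. The enclosing method starts above the hunk, so how `currentQueryString` and `encoding` are derived is not visible here.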