From 9df4089a5e0c6db4ec83c4e74e0f91f02e5798d7 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Sat, 10 Jul 2021 09:48:58 +0200
Subject: [PATCH] Clean special characters in data path when used for an URL.

---
 .../cms/ui/util/DefaultImageManager.java      | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/org.argeo.cms.ui/src/org/argeo/cms/ui/util/DefaultImageManager.java b/org.argeo.cms.ui/src/org/argeo/cms/ui/util/DefaultImageManager.java
index 698ab1b06..d817a9efa 100644
--- a/org.argeo.cms.ui/src/org/argeo/cms/ui/util/DefaultImageManager.java
+++ b/org.argeo.cms.ui/src/org/argeo/cms/ui/util/DefaultImageManager.java
@@ -9,8 +9,13 @@ import static org.argeo.cms.ui.CmsConstants.NO_IMAGE_SIZE;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.util.StringTokenizer;
 
 import javax.jcr.Binary;
 import javax.jcr.Node;
@@ -150,7 +155,19 @@ public class DefaultImageManager implements CmsImageManager {
 	/** @return null if not available */
 	@Override
 	public String getImageUrl(Node node) throws RepositoryException {
-		return CmsUiUtils.getDataPath(node);
+		return getCleanDataPath(node);
+	}
+
+	/** Clean special character from the URL. */
+	protected String getCleanDataPath(Node node) throws RepositoryException {
+		String path = CmsUiUtils.getDataPath(node);
+		StringTokenizer st = new StringTokenizer(path, "/");
+		StringBuilder sb = new StringBuilder();
+		while (st.hasMoreElements()) {
+			sb.append('/');
+			sb.append(URLEncoder.encode(st.nextToken(), StandardCharsets.UTF_8));
+		}
+		return sb.toString();
 	}
 
 	protected String getResourceName(Node node) throws RepositoryException {
-- 
2.30.2