Enfoce single version removal in content versioning

Prior to this commit, content based version strategies would remove all
instances of the version string in the request path when trying to
resolve the original resource with the chain.
This can cause issues in rare cases where there is a collision between
the content version and some other version string in the request path.

Because this strategy is based on the contents of the file itself, we
should only remove the last instance of the version string and then
attempt to resolve the original file.

Fixes gh-36698

Author: bclozel

spring-webflux/src/main/java/org/springframework/web/reactive/resource/AbstractFileNameVersionStrategy.java

@@ -54,7 +54,12 @@ public abstract class AbstractFileNameVersionStrategy implements VersionStrategy
 
 	@Override
 	public String removeVersion(String requestPath, String version) {
-		return StringUtils.delete(requestPath, "-" + version);
+		String versionString = "-" + version;
+		int index = requestPath.lastIndexOf(versionString);
+		if (index != -1) {
+			return requestPath.substring(0, index) + requestPath.substring(index + versionString.length());
+		}
+		return requestPath;
 	}
 
 	@Override

spring-webflux/src/main/java/org/springframework/web/reactive/resource/VersionResourceResolver.java

@@ -180,6 +180,9 @@ private Mono<Resource> resolveVersionedResource(@Nullable ServerWebExchange exch
 		}
 
 		String simplePath = versionStrategy.removeVersion(requestPath, candidate);
+		if (ResourceHandlerUtils.shouldIgnoreInputPath(simplePath)) {
+			return Mono.empty();
+		}
 		return chain.resolveResource(exchange, simplePath, locations)
 				.filterWhen(resource -> versionStrategy.getResourceVersion(resource)
 						.map(actual -> {

spring-webflux/src/test/java/org/springframework/web/reactive/resource/ContentBasedVersionStrategyTests.java

@@ -62,6 +62,14 @@ void removeVersion() {
 		assertThat(this.strategy.removeVersion(String.format(path, "-", hash), hash)).isEqualTo(String.format(path, "", ""));
 	}
 
+	@Test
+	void removeVersionOnlyOnce() {
+		String hash = "sha";
+		String path = "font-awesome/css%s%s/font-awesome.min%s%s.css";
+
+		assertThat(this.strategy.removeVersion(String.format(path, "-", hash, "-", hash), hash)).isEqualTo(String.format(path, "-", hash, "", ""));
+	}
+
 	@Test
 	void getResourceVersion() throws Exception {
 		Resource expected = new ClassPathResource("test/bar.css", getClass());

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/AbstractVersionStrategy.java

@@ -134,7 +134,12 @@ protected static class FileNameVersionPathStrategy implements VersionPathStrateg
 
 		@Override
 		public String removeVersion(String requestPath, String version) {
-			return StringUtils.delete(requestPath, "-" + version);
+			String versionString = "-" + version;
+			int index = requestPath.lastIndexOf(versionString);
+			if (index != -1) {
+				return requestPath.substring(0, index) + requestPath.substring(index + versionString.length());
+			}
+			return requestPath;
 		}
 
 		@Override

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/VersionResourceResolver.java

@@ -177,6 +177,9 @@ public VersionResourceResolver addVersionStrategy(VersionStrategy strategy, Stri
 		}
 
 		String simplePath = versionStrategy.removeVersion(requestPath, candidateVersion);
+		if (ResourceHandlerUtils.shouldIgnoreInputPath(simplePath)) {
+			return null;
+		}
 		Resource baseResource = chain.resolveResource(request, simplePath, locations);
 		if (baseResource == null) {
 			return null;

spring-webmvc/src/test/java/org/springframework/web/servlet/resource/ContentBasedVersionStrategyTests.java

@@ -63,6 +63,14 @@ void removeVersion() {
 		assertThat(this.versionStrategy.removeVersion(String.format(file, "-", hash), hash)).isEqualTo(String.format(file, "", ""));
 	}
 
+	@Test
+	void removeVersionOnlyOnce() {
+		String hash = "sha";
+		String file = "font-awesome/css%s%s/font-awesome.min%s%s.css";
+
+		assertThat(this.versionStrategy.removeVersion(String.format(file, "-", hash, "-", hash), hash)).isEqualTo(String.format(file, "-", hash, "", ""));
+	}
+
 	@Test
 	void getResourceVersion() throws IOException {
 		Resource expected = new ClassPathResource("test/bar.css", getClass());