[Chicken-users] Yet another patch for the http egg ``+'' problem...

[Peter Busser]

Hi!

The following episode in the ``+'' processing saga:

I've delved a bit more in the http egg's innards and it looks like
http:canonicalize-string is broken and other functions (such as
http:decode-url) dependend on the broken canonicalization function.

Suppose the following URL is given to http:decode-url, then the

/foo+bar.cgi?test=y&text=foo+bie+blech

Then the location is "/foo+bar.cgi" (not "/foo bar.cgi") and the
arguments should be ((test . "y") (text . "foo bie blech")). In other
words, the ``+'' should only be substituted for everything after the
``?''.

The following URL:

/foo%2bbar.cgi?test=y&text=foo%2bbie%2bblech

Should also give the same results.

The following patch removes the ``+'' substitution in
http:canonicalize-string. And fixes http:decode-url accordingly. It also
moves the ``+'' substitution to other places.

The patch has a ``feature'', which must be removed. When I change the
following line:

(let loop ([i 0] [str (string-translate str " " " ")])

in:

(let loop ([i 0])

Then the compiler will print an error message. At this moment I simply don't
know enough about Scheme to fix this.

BTW, this patch has been tested with POST and GET requests.

To be continued? :-)


diff -uNr orig/http-server.scm new/http-server.scm
--- orig/http-server.scm        2006-02-08 07:41:36.000000000 +0100
+++ new/http-server.scm 2006-02-08 13:30:50.000000000 +0100
@@ -420,7 +420,9 @@
      (map (lambda (def)
            (regex-case def
              ["([^=]+)=(.*)" (_ name value)
-              (cons name (http:canonicalize-string value)) ] 
+              (cons name
+                    (string-translate
+                      (http:canonicalize-string value) "+" " ")) ] 
              [else (cons def #f)] ) )
          data) ) ) )
 
diff -uNr orig/http-utils.scm new/http-utils.scm
--- orig/http-utils.scm 2006-02-07 09:17:05.000000000 +0100
+++ new/http-utils.scm  2006-02-08 13:30:50.000000000 +0100
@@ -101,15 +101,21 @@
 ;;; URL and string operations:
 
 (define (http:decode-url url)
-  (regex-case url
-    ["([^?]+)\\?(.*)" (_ loc args)
-     (values
-      (http:canonicalize-string loc)
-      (parse-encoded-arguments args) ) ] 
-    [else (values (http:canonicalize-string url) '())] ) )
+  (let ((canurl (http:canonicalize-string url)))
+    (regex-case canurl
+      ["([^?]+)\\?(.*)" (_ loc args)
+        (values
+         loc
+         (parse-encoded-arguments args) ) ] 
+       [else
+         (values canurl '())] ) ))
 
+
+;
+; Substitute %xx sequences.
+;
 (define (http:canonicalize-string str)
-  (let loop ([i 0] [str (string-translate str "+" " ")])
+  (let loop ([i 0] [str (string-translate str " " " ")])
     (match (string-search-positions "%[0-9ABCDEFabcdef]{2}" str i)
       [((i1 i2))
        (loop 
@@ -121,7 +127,7 @@
       [_ str] ) ) )
 
 (define (parse-encoded-arguments args)
-  (let ([vals (string-split args "&")])
+  (let ([vals (string-split (string-translate args "+" " ") "&")])
     (map (lambda (def)
           (regex-case def
             ["([^=]+)=(.*)" (_ name val)


Groetjes,
Peter.