
Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem


From: Zbigniew
Subject: Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem...
Date: Wed, 15 Feb 2006 16:28:44 -0600

I believe there is a serious regression in this patch.  The URL is
being canonicalized in its entirety at the beginning of
http:decode-url, before it is taken apart.  This is not correct,
because escaped characters should only be unescaped -after- breaking
the URL down into pathname and key/value pairs.  In other words, only
unescaped ?, = and & serve as delimiters.  Otherwise, how would you
pass ? = or & as part of a value?

Similarly, in the URL
/foo%2bbar.cgi?test=y&text=foo%2bbie%2bblech

"text" should receive the value "foo+bie+blech", not "foo bie blech". 
Otherwise, you could never pass a real + as part of a value.

So the unpatched version was correct, except that it was converting +
into spaces in the URL path itself.

Attached is a patch against current SVN.  Peter, can you test this on
your setup?

Below (so that it's easier to read) is a patch against the original version.

===================================================================
--- http-utils.scm      (revision 220)
+++ http-utils.scm      (working copy)
@@ -104,12 +104,16 @@
   (regex-case url
     ["([^?]+)\\?(.*)" (_ loc args)
      (values
-      (http:canonicalize-string loc)
+      (http:unescape-string loc)
       (parse-encoded-arguments args) ) ]
-    [else (values (http:canonicalize-string url) '())] ) )
+    [else (values (http:unescape-string url) '())] ) )

 (define (http:canonicalize-string str)
-  (let loop ([i 0] [str (string-translate str "+" " ")])
+  (http:unescape-string
+   (string-translate str "+" " ")))
+
+(define (http:unescape-string str)
+  (let loop ([i 0] (str str))
     (match (string-search-positions "%[0-9ABCDEFabcdef]{2}" str i)
       [((i1 i2))
        (loop
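
Review bot: `http:canonicalize-string` keeps its name and its `+` to space translation, so any caller outside `http:decode-url` that still hands it a path component keeps the old behaviour. A short comment on both definitions, saying that `http:canonicalize-string` is for query keys and values and `http:unescape-string` is for paths, would make the split explicit, and the remaining callers are worth checking. In the new `http:unescape-string`, the binding list `([i 0] (str str))` mixes bracket styles; `[str str]` would match the line it replaces. The loop body continues past the end of the hunk, so the index at which the search resumes after a substitution cannot be checked from these lines.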


On 2/8/06, Peter Busser <address@hidden> wrote:
> Suppose the following URL is given to http:decode-url
>
> /foo+bar.cgi?test=y&text=foo+bie+blech
>
> Then the location is "/foo+bar.cgi" (not "/foo bar.cgi") and the
> arguments should be ((test . "y") (text . "foo bie blech")).
>
> The following URL:
>
> /foo%2bbar.cgi?test=y&text=foo%2bbie%2bblech
>
> Should also give the same results.
>
> The following patch removes the ``+'' substitution in
> http:canonicalize-string. And fixes http:decode-url accordingly. It also
> moves the ``+'' substitution to other places.

Attachment: http-fix.patch
Description: Binary data
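
The decode order argued for in this message, as an added Python illustration (not code from the http egg or from either poster): it splits on the raw `?`, `&` and `=` first and decodes each piece afterwards, next to a model of the decode-everything-first order for comparison. The function names and the third sample URL are constructed for the example; `unquote` and `unquote_plus` are from Python's standard library.

```python
from urllib.parse import unquote, unquote_plus

def split_raw(url):
    """Split on the raw (still escaped) delimiters ?, & and =."""
    loc, _, args = url.partition("?")
    pairs = []
    for field in args.split("&") if args else []:
        if field:
            key, _, value = field.partition("=")
            pairs.append((key, value))
    return loc, pairs

def decode_url(url):
    """Split first, then decode: the path gets %XX only, args also get + -> space."""
    loc, pairs = split_raw(url)
    return unquote(loc), [(unquote_plus(k), unquote_plus(v)) for k, v in pairs]

def decode_url_early(url):
    """Model of the order the message objects to: unescape everything, then split."""
    loc, pairs = split_raw(unquote(url))
    return loc, [(k.replace("+", " "), v.replace("+", " ")) for k, v in pairs]

SAMPLES = [
    "/foo+bar.cgi?test=y&text=foo+bie+blech",        # from the thread
    "/foo%2bbar.cgi?test=y&text=foo%2bbie%2bblech",  # from the thread
    "/x.cgi?note=a%26b%3dc%3f",                      # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url)
        print("  split then decode:", decode_url(url))
        print("  decode then split:", decode_url_early(url))
```

With the early order, the escaped `&` and `=` in the third sample turn one value into two parameters, and the escaped `+` in the second sample is lost.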

