[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem
From: |
Zbigniew |
Subject: |
Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem... |
Date: |
Wed, 15 Feb 2006 16:28:44 -0600 |
I believe there is a serious regression in this patch. The URL is
being canonicalized in its entirety at the beginning of
http:decode-url, before it is taken apart. This is not correct,
because escaped characters should only be unescaped -after- breaking
the URL down into pathname and key/value pairs. In other words, only
unescaped ?, = and & serve as delimiters. Otherwise, how would you
pass ? = or & as part of a value?
Similarly, in the URL
/foo%2bbar.cgi?test=y&text=foo%2bbie%2bblech
"text" should receive the value "foo+bie+blech", not "foo bie blech".
Otherwise, you could never pass a real + as part of a value.
So the unpatched version was correct, except that it was converting +
into spaces in the URL path itself.
Attached is a patch against current SVN. Peter, can you test this on
your setup?
Below (so that it's easier to read) is a patch against the original version.
===================================================================
--- http-utils.scm (revision 220)
+++ http-utils.scm (working copy)
@@ -104,12 +104,16 @@
(regex-case url
["([^?]+)\\?(.*)" (_ loc args)
(values
- (http:canonicalize-string loc)
+ (http:unescape-string loc)
(parse-encoded-arguments args) ) ]
- [else (values (http:canonicalize-string url) '())] ) )
+ [else (values (http:unescape-string url) '())] ) )
(define (http:canonicalize-string str)
- (let loop ([i 0] [str (string-translate str "+" " ")])
+ (http:unescape-string
+ (string-translate str "+" " ")))
+
+(define (http:unescape-string str)
+ (let loop ([i 0] (str str))
(match (string-search-positions "%[0-9ABCDEFabcdef]{2}" str i)
[((i1 i2))
(loop
On 2/8/06, Peter Busser <address@hidden> wrote:
> Suppose the following URL is given to http:decode-url
> /foo+bar.cgi?test=y&text=foo+bie+blech
> Then the location is "/foo+bar.cgi" (not "/foo bar.cgi") and the
> arguments should be ((test . "y") (text . "foo bie blech")).
> The following URL:
>
> /foo%2bbar.cgi?test=y&text=foo%2bbie%2bblech
>
> Should also give the same results.
>
> The following patch removes the ``+'' substitution in
> http:canonicalize-string. And fixes http:decode-url accordingly. It also
> moves the ``+'' substitution to other places.
http-fix.patch
Description: Binary data
- Re: [Chicken-users] A patch for the patch for the http egg ``+'' problem...,
Zbigniew <=