diff options
author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-04-09 11:58:20 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-04-09 11:58:20 +0000 |
commit | 8a3c3b9c95955bba7f143c44136a043568d88b94 (patch) | |
tree | 778be4eadcecb92fbc9c5dd76e2a4d455077ff1a | |
parent | 1f2def7dd84da6477df1ef9b4e8b39f6ce6f04cb (diff) | |
download | ruby-8a3c3b9c95955bba7f143c44136a043568d88b94.tar.gz |
* lib/uri/common.rb (decode_www_form): don't ignore leading '?'.
[ruby-dev:40938]
* lib/uri/common.rb (decode_www_form): check whether argument is
valid application/x-www-form-urlencoded data.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | lib/uri/common.rb | 9 | ||||
-rw-r--r-- | test/uri/test_common.rb | 8 |
3 files changed, 21 insertions, 4 deletions
@@ -1,3 +1,11 @@ +Fri Apr 9 20:54:10 2010 NARUSE, Yui <naruse@ruby-lang.org> + + * lib/uri/common.rb (decode_www_form): don't ignore leading '?'. + [ruby-dev:40938] + + * lib/uri/common.rb (decode_www_form): check whether argument is + valid application/x-www-form-urlencoded data. + Fri Apr 9 20:29:13 2010 Yusuke Endoh <mame@tsg.ne.jp> * dir.c (push_glob): clear up the previous commit (RB_GC_GUARD can diff --git a/lib/uri/common.rb b/lib/uri/common.rb index 5d0d95fb3f..a20ce0c981 100644 --- a/lib/uri/common.rb +++ b/lib/uri/common.rb @@ -805,6 +805,9 @@ module URI str end + # :nodoc: + WFKV_ = '(?:%\h\h|[^%#=;&])' + # Decode URL-encoded form data from given +str+. # # This decodes application/x-www-form-urlencoded data @@ -826,11 +829,11 @@ module URI # # See URI.decode_www_form_component, URI.encode_www_form def self.decode_www_form(str, enc=Encoding::UTF_8) - ary = [] - unless /\A\??(?<query>[^=;&]*=[^;&]*(?:[;&][^=;&]*=[^;&]*)*)\z/ =~ str + unless /\A#{WFKV_}*=#{WFKV_}*(?:[;&]#{WFKV_}*=#{WFKV_}*)*\z/o =~ str raise ArgumentError, "invalid data of application/x-www-form-urlencoded (#{str})" end - query.scan(/([^=;&]+)=([^;&]*)/) do + ary = [] + $&.scan(/([^=;&]+)=([^;&]*)/) do ary << [decode_www_form_component($1, enc), decode_www_form_component($2, enc)] end ary diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb index 9f39e843d3..5e575e21a6 100644 --- a/test/uri/test_common.rb +++ b/test/uri/test_common.rb @@ -86,7 +86,13 @@ class TestCommon < Test::Unit::TestCase def test_decode_www_form assert_equal([%w[a 1], %w[a 2]], URI.decode_www_form("a=1&a=2")) assert_equal([%w[a 1], ["\u3042", "\u6F22"]], - URI.decode_www_form("a=1&%E3%81%82=%E6%BC%A2")) + URI.decode_www_form("a=1;%E3%81%82=%E6%BC%A2")) + assert_equal([%w[?a 1], %w[a 2]], URI.decode_www_form("?a=1&a=2")) + assert_raise(ArgumentError){URI.decode_www_form("%=1")} + assert_raise(ArgumentError){URI.decode_www_form("a=%")} + assert_raise(ArgumentError){URI.decode_www_form("a=1&%=2")} + assert_raise(ArgumentError){URI.decode_www_form("a=1&b=%")} + assert_raise(ArgumentError){URI.decode_www_form("a&b")} end end |