diff options
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | lib/uri/common.rb | 18 | ||||
-rw-r--r-- | test/uri/test_common.rb | 2 |
3 files changed, 18 insertions, 11 deletions
@@ -1,3 +1,12 @@ +Sun Apr 11 07:01:41 2010 NARUSE, Yui <naruse@ruby-lang.org> + + * lib/uri/common.rb (decode_www_form_component): validate. + [ruby-dev:40938] + + * lib/uri/common.rb (decode_www_form): allow empty string. + + * lib/uri/common.rb: fix nodoc for constant. [ruby-dev:40949] + Sat Apr 10 21:26:22 2010 NARUSE, Yui <naruse@ruby-lang.org> * lib/rdoc/markup/preprocess.rb (RDoc::Markup::PreProcess#handle): diff --git a/lib/uri/common.rb b/lib/uri/common.rb index a20ce0c981..58fd422a5d 100644 --- a/lib/uri/common.rb +++ b/lib/uri/common.rb @@ -716,15 +716,10 @@ module URI DEFAULT_PARSER.make_regexp(schemes) end - # :nodoc: - TBLENCWWWCOMP_ = {} - - # :nodoc: - TBLDECWWWCOMP_ = {} - - # :nodoc: + TBLENCWWWCOMP_ = {} # :nodoc: + TBLDECWWWCOMP_ = {} # :nodoc: HTML5ASCIIINCOMPAT = [Encoding::UTF_7, Encoding::UTF_16BE, Encoding::UTF_16LE, - Encoding::UTF_32BE, Encoding::UTF_32LE] + Encoding::UTF_32BE, Encoding::UTF_32LE] # :nodoc: # Encode given +str+ to URL-encoded form data. # @@ -770,6 +765,7 @@ module URI TBLDECWWWCOMP_['+'] = ' ' TBLDECWWWCOMP_.freeze end + raise ArgumentError, "invalid %-encoding (#{str})" unless /\A(?:%\h\h|[^%]+)*\z/ =~ str str.gsub(/\+|%\h\h/, TBLDECWWWCOMP_).force_encoding(enc) end @@ -796,7 +792,7 @@ module URI if str str << '&' else - str = ''.force_encoding(Encoding::US_ASCII) + str = nil.to_s end str << encode_www_form_component(k) str << '=' @@ -805,8 +801,7 @@ module URI str end - # :nodoc: - WFKV_ = '(?:%\h\h|[^%#=;&])' + WFKV_ = '(?:%\h\h|[^%#=;&]+)' # :nodoc: # Decode URL-encoded form data from given +str+. # @@ -829,6 +824,7 @@ module URI # # See URI.decode_www_form_component, URI.encode_www_form def self.decode_www_form(str, enc=Encoding::UTF_8) + return [] if str.empty? unless /\A#{WFKV_}*=#{WFKV_}*(?:[;&]#{WFKV_}*=#{WFKV_}*)*\z/o =~ str raise ArgumentError, "invalid data of application/x-www-form-urlencoded (#{str})" end diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb index 5e575e21a6..01381b20e6 100644 --- a/test/uri/test_common.rb +++ b/test/uri/test_common.rb @@ -69,6 +69,7 @@ class TestCommon < Test::Unit::TestCase "AZ%5B%5C%5D%5E_%60az%7B%7C%7D%7E")) assert_equal("\xA1\xA2".force_encoding(Encoding::EUC_JP), URI.decode_www_form_component("%A1%A2", "EUC-JP")) + assert_raise(ArgumentError){URI.decode_www_form_component("%")} end def test_encode_www_form @@ -88,6 +89,7 @@ class TestCommon < Test::Unit::TestCase assert_equal([%w[a 1], ["\u3042", "\u6F22"]], URI.decode_www_form("a=1;%E3%81%82=%E6%BC%A2")) assert_equal([%w[?a 1], %w[a 2]], URI.decode_www_form("?a=1&a=2")) + assert_equal([], URI.decode_www_form("")) assert_raise(ArgumentError){URI.decode_www_form("%=1")} assert_raise(ArgumentError){URI.decode_www_form("a=%")} assert_raise(ArgumentError){URI.decode_www_form("a=1&%=2")} |