diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | lib/uri/common.rb | 9 | ||||
| -rw-r--r-- | test/uri/test_common.rb | 8 |
3 files changed, 21 insertions, 4 deletions
@@ -1,3 +1,11 @@ +Fri Apr 9 20:54:10 2010 NARUSE, Yui <naruse@ruby-lang.org> + + * lib/uri/common.rb (decode_www_form): don't ignore leading '?'. + [ruby-dev:40938] + + * lib/uri/common.rb (decode_www_form): check whether argument is + valid application/x-www-form-urlencoded data. + Fri Apr 9 20:29:13 2010 Yusuke Endoh <mame@tsg.ne.jp> * dir.c (push_glob): clear up the previous commit (RB_GC_GUARD can diff --git a/lib/uri/common.rb b/lib/uri/common.rb index 5d0d95fb3f..a20ce0c981 100644 --- a/lib/uri/common.rb +++ b/lib/uri/common.rb @@ -805,6 +805,9 @@ module URI str end + # :nodoc: + WFKV_ = '(?:%\h\h|[^%#=;&])' + # Decode URL-encoded form data from given +str+. # # This decodes application/x-www-form-urlencoded data @@ -826,11 +829,11 @@ module URI # # See URI.decode_www_form_component, URI.encode_www_form def self.decode_www_form(str, enc=Encoding::UTF_8) - ary = [] - unless /\A\??(?<query>[^=;&]*=[^;&]*(?:[;&][^=;&]*=[^;&]*)*)\z/ =~ str + unless /\A#{WFKV_}*=#{WFKV_}*(?:[;&]#{WFKV_}*=#{WFKV_}*)*\z/o =~ str raise ArgumentError, "invalid data of application/x-www-form-urlencoded (#{str})" end - query.scan(/([^=;&]+)=([^;&]*)/) do + ary = [] + $&.scan(/([^=;&]+)=([^;&]*)/) do ary << [decode_www_form_component($1, enc), decode_www_form_component($2, enc)] end ary diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb index 9f39e843d3..5e575e21a6 100644 --- a/test/uri/test_common.rb +++ b/test/uri/test_common.rb @@ -86,7 +86,13 @@ class TestCommon < Test::Unit::TestCase def test_decode_www_form assert_equal([%w[a 1], %w[a 2]], URI.decode_www_form("a=1&a=2")) assert_equal([%w[a 1], ["\u3042", "\u6F22"]], - URI.decode_www_form("a=1&%E3%81%82=%E6%BC%A2")) + URI.decode_www_form("a=1;%E3%81%82=%E6%BC%A2")) + assert_equal([%w[?a 1], %w[a 2]], URI.decode_www_form("?a=1&a=2")) + assert_raise(ArgumentError){URI.decode_www_form("%=1")} + assert_raise(ArgumentError){URI.decode_www_form("a=%")} + assert_raise(ArgumentError){URI.decode_www_form("a=1&%=2")} + assert_raise(ArgumentError){URI.decode_www_form("a=1&b=%")} + assert_raise(ArgumentError){URI.decode_www_form("a&b")} end end |