Browse Source

Merge pull request #10225 from glassez/http-request

Separate URL components before percent-decoding. Closes #9116
adaptive-webui-19844
Vladimir Golovnev 6 years ago committed by GitHub
parent
commit
5b82b681cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 7
      src/base/bittorrent/tracker.cpp
  2. 11
      src/base/http/requestparser.cpp
  3. 9
      src/webui/webapplication.cpp

7
src/base/bittorrent/tracker.cpp

@ -140,8 +140,11 @@ void Tracker::respondToAnnounceRequest()
const int sepPos = param.indexOf('='); const int sepPos = param.indexOf('=');
if (sepPos <= 0) continue; // ignores params without name if (sepPos <= 0) continue; // ignores params without name
const QString paramName {QString::fromUtf8(param.constData(), sepPos)}; const QByteArray nameComponent = midView(param, 0, sepPos);
const QByteArray paramValue {param.mid(sepPos + 1)}; const QByteArray valueComponent = midView(param, (sepPos + 1));
const QString paramName = QString::fromUtf8(QByteArray::fromPercentEncoding(nameComponent));
const QByteArray paramValue = QByteArray::fromPercentEncoding(valueComponent);
queryParams[paramName] = paramValue; queryParams[paramName] = paramValue;
} }

11
src/base/http/requestparser.cpp

@ -180,11 +180,14 @@ bool RequestParser::parseRequestLine(const QString &line)
m_request.method = match.captured(1); m_request.method = match.captured(1);
// Request Target // Request Target
const QByteArray decodedUrl {QByteArray::fromPercentEncoding(match.captured(2).toLatin1())}; // URL components should be separated before percent-decoding
const int sepPos = decodedUrl.indexOf('?'); // [rfc3986] 2.4 When to Encode or Decode
m_request.path = QString::fromUtf8(decodedUrl.constData(), (sepPos == -1 ? decodedUrl.size() : sepPos)); const QByteArray url {match.captured(2).toLatin1()};
const int sepPos = url.indexOf('?');
const QByteArray pathComponent = ((sepPos == -1) ? url : Utils::ByteArray::midView(url, 0, sepPos));
m_request.path = QString::fromUtf8(QByteArray::fromPercentEncoding(pathComponent));
if (sepPos >= 0) if (sepPos >= 0)
m_request.query = decodedUrl.mid(sepPos + 1); m_request.query = url.mid(sepPos + 1);
// HTTP-version // HTTP-version
m_request.version = match.captured(3); m_request.version = match.captured(3);

9
src/webui/webapplication.cpp

@ -423,10 +423,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
const int sepPos = param.indexOf('='); const int sepPos = param.indexOf('=');
if (sepPos <= 0) continue; // ignores params without name if (sepPos <= 0) continue; // ignores params without name
const QString paramName {QString::fromUtf8(param.constData(), sepPos)}; const QByteArray nameComponent = midView(param, 0, sepPos);
const int valuePos = sepPos + 1; const QByteArray valueComponent = midView(param, (sepPos + 1));
const QString paramValue {
QString::fromUtf8(param.constData() + valuePos, param.size() - valuePos)}; const QString paramName = QString::fromUtf8(QByteArray::fromPercentEncoding(nameComponent));
const QString paramValue = QString::fromUtf8(QByteArray::fromPercentEncoding(valueComponent));
m_params[paramName] = paramValue; m_params[paramName] = paramValue;
} }
} }

Loading…
Cancel
Save