Browse Source

Separate URL components before percent-decoding

Allow special characters in query string parameters.
Closes #9116.
adaptive-webui-19844
Vladimir Golovnev (Glassez) 6 years ago
parent
commit
b0446380c6
No known key found for this signature in database
GPG Key ID: 52A2C7DEE2DFA6F7
  1. 7
      src/base/bittorrent/tracker.cpp
  2. 11
      src/base/http/requestparser.cpp
  3. 9
      src/webui/webapplication.cpp

7
src/base/bittorrent/tracker.cpp

@ -140,8 +140,11 @@ void Tracker::respondToAnnounceRequest() @@ -140,8 +140,11 @@ void Tracker::respondToAnnounceRequest()
const int sepPos = param.indexOf('=');
if (sepPos <= 0) continue; // ignores params without name
const QString paramName {QString::fromUtf8(param.constData(), sepPos)};
const QByteArray paramValue {param.mid(sepPos + 1)};
const QByteArray nameComponent = midView(param, 0, sepPos);
const QByteArray valueComponent = midView(param, (sepPos + 1));
const QString paramName = QString::fromUtf8(QByteArray::fromPercentEncoding(nameComponent));
const QByteArray paramValue = QByteArray::fromPercentEncoding(valueComponent);
queryParams[paramName] = paramValue;
}

11
src/base/http/requestparser.cpp

@ -180,11 +180,14 @@ bool RequestParser::parseRequestLine(const QString &line) @@ -180,11 +180,14 @@ bool RequestParser::parseRequestLine(const QString &line)
m_request.method = match.captured(1);
// Request Target
const QByteArray decodedUrl {QByteArray::fromPercentEncoding(match.captured(2).toLatin1())};
const int sepPos = decodedUrl.indexOf('?');
m_request.path = QString::fromUtf8(decodedUrl.constData(), (sepPos == -1 ? decodedUrl.size() : sepPos));
// URL components should be separated before percent-decoding
// [rfc3986] 2.4 When to Encode or Decode
const QByteArray url {match.captured(2).toLatin1()};
const int sepPos = url.indexOf('?');
const QByteArray pathComponent = ((sepPos == -1) ? url : Utils::ByteArray::midView(url, 0, sepPos));
m_request.path = QString::fromUtf8(QByteArray::fromPercentEncoding(pathComponent));
if (sepPos >= 0)
m_request.query = decodedUrl.mid(sepPos + 1);
m_request.query = url.mid(sepPos + 1);
// HTTP-version
m_request.version = match.captured(3);

9
src/webui/webapplication.cpp

@ -423,10 +423,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons @@ -423,10 +423,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
const int sepPos = param.indexOf('=');
if (sepPos <= 0) continue; // ignores params without name
const QString paramName {QString::fromUtf8(param.constData(), sepPos)};
const int valuePos = sepPos + 1;
const QString paramValue {
QString::fromUtf8(param.constData() + valuePos, param.size() - valuePos)};
const QByteArray nameComponent = midView(param, 0, sepPos);
const QByteArray valueComponent = midView(param, (sepPos + 1));
const QString paramName = QString::fromUtf8(QByteArray::fromPercentEncoding(nameComponent));
const QString paramValue = QString::fromUtf8(QByteArray::fromPercentEncoding(valueComponent));
m_params[paramName] = paramValue;
}
}

Loading…
Cancel
Save