# HG changeset patch # User Adam Chlipala # Date 1274208476 14400 # Node ID 83b1853d1e588dbba65fdf3f3585dcc31961b5ef # Parent 78b36c50daf97f7ab59ab4388eeb831ad387433b URL-escape with '.' instead of '%', to avoid confusing proxies diff -r 78b36c50daf9 -r 83b1853d1e58 CHANGELOG --- a/CHANGELOG Sun May 16 18:25:00 2010 -0400 +++ b/CHANGELOG Tue May 18 14:47:56 2010 -0400 @@ -1,3 +1,10 @@ +======== +Next +======== + +- Changed URL escaping convention, to avoid confusing proxies. + The new convention is like the normal one, but with '.' instead of '%'. + ======== 20100506 ======== diff -r 78b36c50daf9 -r 83b1853d1e58 lib/js/urweb.js --- a/lib/js/urweb.js Sun May 16 18:25:00 2010 -0400 +++ b/lib/js/urweb.js Tue May 18 14:47:56 2010 -0400 @@ -592,15 +592,19 @@ function uf(s) { if (s.length == 0) return "_"; - return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s); + s = s.replace(new RegExp ("\\.", "g"), ".2E"); + return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s).replace(new RegExp ("%", "g"), "."); } function uu(s) { if (s.length > 0 && s.charAt(0) == '_') { s = s.substring(1); - } else if (s.length >= 3 && s.charAt(0) == '%' && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F')) - s = s.substring(3); - return decodeURIComponent(s.replace(new RegExp ("\\+", "g"), " ")); + } else if (s.length >= 3 && (s.charAt(0) == '%' || s.charAt(0) == '.') + && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F')) + s = s.substring(3); + s = s.replace(new RegExp ("\\+", "g"), " "); + s = s.replace(new RegExp ("\\.", "g"), "%"); + return decodeURIComponent(s); } function atr(s) { diff -r 78b36c50daf9 -r 83b1853d1e58 src/c/urweb.c --- a/src/c/urweb.c Sun May 16 18:25:00 2010 -0400 +++ b/src/c/urweb.c Tue May 18 14:47:56 2010 -0400 @@ -1687,7 +1687,7 @@ else if (isalnum(c)) *p++ = c; else { - sprintf(p, "%%%02X", c); + sprintf(p, ".%02X", c); p += 3; } } @@ -1764,7 +1764,7 @@ else if (isalnum(c)) uw_writec_unsafe(ctx, c); else { - sprintf(ctx->page.front, "%%%02X", c); + sprintf(ctx->page.front, ".%02X", c); ctx->page.front += 3; } } @@ -1822,7 +1822,7 @@ if (!fromClient) { if (*s2 == '_') ++s2; - else if (s2[0] == '%' && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F')) + else if ((s2[0] == '%' || s2[0] == '.') && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F')) s2 += 3; } @@ -1843,6 +1843,18 @@ *s1 = n; s2 += 2; break; + case '.': + if (!fromClient) { + if (s2[1] == 0) + uw_error(ctx, FATAL, "Missing first character of escaped URL byte"); + if (s2[2] == 0) + uw_error(ctx, FATAL, "Missing second character of escaped URL byte"); + if (sscanf(s2+1, "%02X", &n) != 1) + uw_error(ctx, FATAL, "Invalid escaped URL byte starting at: %s", s2); + *s1 = n; + s2 += 2; + break; + } default: *s1 = c; } diff -r 78b36c50daf9 -r 83b1853d1e58 src/mono_opt.sml --- a/src/mono_opt.sml Sun May 16 18:25:00 2010 -0400 +++ b/src/mono_opt.sml Tue May 18 14:47:56 2010 -0400 @@ -1,4 +1,4 @@ -(* Copyright (c) 2008, Adam Chlipala +(* Copyright (c) 2008-2010, Adam Chlipala * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -86,7 +86,7 @@ | ch => if Char.isAlphaNum ch then str ch else - "%" ^ hexIt ch) s + "." ^ hexIt ch) s fun sqlifyInt n = #p_cast (Settings.currentDbms ()) (attrifyInt n, Settings.Int) diff -r 78b36c50daf9 -r 83b1853d1e58 tests/name.ur --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/name.ur Tue May 18 14:47:56 2010 -0400 @@ -0,0 +1,1 @@ +fun hello name = return {[name]} diff -r 78b36c50daf9 -r 83b1853d1e58 tests/name.urp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/name.urp Tue May 18 14:47:56 2010 -0400 @@ -0,0 +1,1 @@ +name diff -r 78b36c50daf9 -r 83b1853d1e58 tests/name.urs --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/name.urs Tue May 18 14:47:56 2010 -0400 @@ -0,0 +1,1 @@ +val hello : string -> transaction page