changeset 1259:83b1853d1e58

URL-escape with '.' instead of '%', to avoid confusing proxies
author Adam Chlipala <adamc@hcoop.net>
date Tue, 18 May 2010 14:47:56 -0400 (2010-05-18)
parents 78b36c50daf9
children 25ebd8c4fafb
files CHANGELOG lib/js/urweb.js src/c/urweb.c src/mono_opt.sml tests/name.ur tests/name.urp tests/name.urs
diffstat 7 files changed, 35 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGELOG	Sun May 16 18:25:00 2010 -0400
+++ b/CHANGELOG	Tue May 18 14:47:56 2010 -0400
@@ -1,3 +1,10 @@
+========
+Next
+========
+
+- Changed URL escaping convention, to avoid confusing proxies.
+  The new convention is like the normal one, but with '.' instead of '%'.
+
 ========
 20100506
 ========
--- a/lib/js/urweb.js	Sun May 16 18:25:00 2010 -0400
+++ b/lib/js/urweb.js	Tue May 18 14:47:56 2010 -0400
@@ -592,15 +592,19 @@
 function uf(s) {
   if (s.length == 0)
     return "_";
-  return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s);
+  s = s.replace(new RegExp ("\\.", "g"), ".2E");
+  return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s).replace(new RegExp ("%", "g"), ".");
 }
 
 function uu(s) {
   if (s.length > 0 && s.charAt(0) == '_') {
     s = s.substring(1);
-  } else if (s.length >= 3 && s.charAt(0) == '%' && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F'))
-    s = s.substring(3);
-  return decodeURIComponent(s.replace(new RegExp ("\\+", "g"), " "));
+  } else if (s.length >= 3 && (s.charAt(0) == '%' || s.charAt(0) == '.')
+             && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F'))
+      s = s.substring(3);
+  s = s.replace(new RegExp ("\\+", "g"), " ");
+  s = s.replace(new RegExp ("\\.", "g"), "%");
+  return decodeURIComponent(s);
 }
 
 function atr(s) {
--- a/src/c/urweb.c	Sun May 16 18:25:00 2010 -0400
+++ b/src/c/urweb.c	Tue May 18 14:47:56 2010 -0400
@@ -1687,7 +1687,7 @@
     else if (isalnum(c))
       *p++ = c;
     else {
-      sprintf(p, "%%%02X", c);
+      sprintf(p, ".%02X", c);
       p += 3;
     }
   }
@@ -1764,7 +1764,7 @@
     else if (isalnum(c))
       uw_writec_unsafe(ctx, c);
     else {
-      sprintf(ctx->page.front, "%%%02X", c);
+      sprintf(ctx->page.front, ".%02X", c);
       ctx->page.front += 3;
     }
   }
@@ -1822,7 +1822,7 @@
   if (!fromClient) {
     if (*s2 == '_')
       ++s2;
-    else if (s2[0] == '%' && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F'))
+    else if ((s2[0] == '%' || s2[0] == '.') && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F'))
       s2 += 3;
   }
 
@@ -1843,6 +1843,18 @@
       *s1 = n;
       s2 += 2;
       break;
+    case '.':
+      if (!fromClient) {
+        if (s2[1] == 0)
+          uw_error(ctx, FATAL, "Missing first character of escaped URL byte");
+        if (s2[2] == 0)
+          uw_error(ctx, FATAL, "Missing second character of escaped URL byte");
+        if (sscanf(s2+1, "%02X", &n) != 1)
+          uw_error(ctx, FATAL, "Invalid escaped URL byte starting at: %s", s2);
+        *s1 = n;
+        s2 += 2;
+        break;
+      }
     default:
       *s1 = c;
     }
--- a/src/mono_opt.sml	Sun May 16 18:25:00 2010 -0400
+++ b/src/mono_opt.sml	Tue May 18 14:47:56 2010 -0400
@@ -1,4 +1,4 @@
-(* Copyright (c) 2008, Adam Chlipala
+(* Copyright (c) 2008-2010, Adam Chlipala
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -86,7 +86,7 @@
                              | ch => if Char.isAlphaNum ch then
                                          str ch
                                      else
-                                         "%" ^ hexIt ch) s
+                                         "." ^ hexIt ch) s
 
 
 fun sqlifyInt n = #p_cast (Settings.currentDbms ()) (attrifyInt n, Settings.Int)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/name.ur	Tue May 18 14:47:56 2010 -0400
@@ -0,0 +1,1 @@
+fun hello name = return <xml>{[name]}</xml>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/name.urp	Tue May 18 14:47:56 2010 -0400
@@ -0,0 +1,1 @@
+name
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/name.urs	Tue May 18 14:47:56 2010 -0400
@@ -0,0 +1,1 @@
+val hello : string -> transaction page