Mercurial > urweb
changeset 1259:83b1853d1e58
URL-escape with '.' instead of '%', to avoid confusing proxies
author | Adam Chlipala <adamc@hcoop.net> |
---|---|
date | Tue, 18 May 2010 14:47:56 -0400 (2010-05-18) |
parents | 78b36c50daf9 |
children | 25ebd8c4fafb |
files | CHANGELOG lib/js/urweb.js src/c/urweb.c src/mono_opt.sml tests/name.ur tests/name.urp tests/name.urs |
diffstat | 7 files changed, 35 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/CHANGELOG Sun May 16 18:25:00 2010 -0400 +++ b/CHANGELOG Tue May 18 14:47:56 2010 -0400 @@ -1,3 +1,10 @@ +======== +Next +======== + +- Changed URL escaping convention, to avoid confusing proxies. + The new convention is like the normal one, but with '.' instead of '%'. + ======== 20100506 ========
--- a/lib/js/urweb.js Sun May 16 18:25:00 2010 -0400 +++ b/lib/js/urweb.js Tue May 18 14:47:56 2010 -0400 @@ -592,15 +592,19 @@ function uf(s) { if (s.length == 0) return "_"; - return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s); + s = s.replace(new RegExp ("\\.", "g"), ".2E"); + return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s).replace(new RegExp ("%", "g"), "."); } function uu(s) { if (s.length > 0 && s.charAt(0) == '_') { s = s.substring(1); - } else if (s.length >= 3 && s.charAt(0) == '%' && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F')) - s = s.substring(3); - return decodeURIComponent(s.replace(new RegExp ("\\+", "g"), " ")); + } else if (s.length >= 3 && (s.charAt(0) == '%' || s.charAt(0) == '.') + && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F')) + s = s.substring(3); + s = s.replace(new RegExp ("\\+", "g"), " "); + s = s.replace(new RegExp ("\\.", "g"), "%"); + return decodeURIComponent(s); } function atr(s) {
--- a/src/c/urweb.c Sun May 16 18:25:00 2010 -0400 +++ b/src/c/urweb.c Tue May 18 14:47:56 2010 -0400 @@ -1687,7 +1687,7 @@ else if (isalnum(c)) *p++ = c; else { - sprintf(p, "%%%02X", c); + sprintf(p, ".%02X", c); p += 3; } } @@ -1764,7 +1764,7 @@ else if (isalnum(c)) uw_writec_unsafe(ctx, c); else { - sprintf(ctx->page.front, "%%%02X", c); + sprintf(ctx->page.front, ".%02X", c); ctx->page.front += 3; } } @@ -1822,7 +1822,7 @@ if (!fromClient) { if (*s2 == '_') ++s2; - else if (s2[0] == '%' && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F')) + else if ((s2[0] == '%' || s2[0] == '.') && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F')) s2 += 3; } @@ -1843,6 +1843,18 @@ *s1 = n; s2 += 2; break; + case '.': + if (!fromClient) { + if (s2[1] == 0) + uw_error(ctx, FATAL, "Missing first character of escaped URL byte"); + if (s2[2] == 0) + uw_error(ctx, FATAL, "Missing second character of escaped URL byte"); + if (sscanf(s2+1, "%02X", &n) != 1) + uw_error(ctx, FATAL, "Invalid escaped URL byte starting at: %s", s2); + *s1 = n; + s2 += 2; + break; + } default: *s1 = c; }
--- a/src/mono_opt.sml Sun May 16 18:25:00 2010 -0400 +++ b/src/mono_opt.sml Tue May 18 14:47:56 2010 -0400 @@ -1,4 +1,4 @@ -(* Copyright (c) 2008, Adam Chlipala +(* Copyright (c) 2008-2010, Adam Chlipala * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -86,7 +86,7 @@ | ch => if Char.isAlphaNum ch then str ch else - "%" ^ hexIt ch) s + "." ^ hexIt ch) s fun sqlifyInt n = #p_cast (Settings.currentDbms ()) (attrifyInt n, Settings.Int)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/name.ur Tue May 18 14:47:56 2010 -0400 @@ -0,0 +1,1 @@ +fun hello name = return <xml>{[name]}</xml>