From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ian Price Newsgroups: gmane.lisp.guile.bugs Subject: bug#12244: [patch] URI encoding bugs Date: Mon, 20 Aug 2012 23:19:12 +0100 Message-ID: <87ehn1ryu7.fsf@Kagami.home> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Trace: ger.gmane.org 1345501195 10987 80.91.229.3 (20 Aug 2012 22:19:55 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 20 Aug 2012 22:19:55 +0000 (UTC) To: 12244@debbugs.gnu.org Original-X-From: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Tue Aug 21 00:19:55 2012 Return-path: Envelope-to: guile-bugs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1T3aK9-0001kk-7u for guile-bugs@m.gmane.org; Tue, 21 Aug 2012 00:19:53 +0200 Original-Received: from localhost ([::1]:40147 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T3aK7-0003Wp-OW for guile-bugs@m.gmane.org; Mon, 20 Aug 2012 18:19:51 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:57021) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T3aK4-0003Wk-GE for bug-guile@gnu.org; Mon, 20 Aug 2012 18:19:49 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1T3aK3-0002ol-91 for bug-guile@gnu.org; Mon, 20 Aug 2012 18:19:48 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:59221) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T3aK3-0002oh-5W for bug-guile@gnu.org; Mon, 20 Aug 2012 18:19:47 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1T3aKI-0005Y9-Ct for bug-guile@gnu.org; Mon, 20 Aug 2012 18:20:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Ian Price Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-guile@gnu.org Resent-Date: Mon, 20 Aug 2012 22:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 12244 X-GNU-PR-Package: guile X-GNU-PR-Keywords: patch X-Debbugs-Original-To: bug-guile@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.134550119021307 (code B ref -1); Mon, 20 Aug 2012 22:20:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 20 Aug 2012 22:19:50 +0000 Original-Received: from localhost ([127.0.0.1]:40534 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1T3aK5-0005Xb-VC for submit@debbugs.gnu.org; Mon, 20 Aug 2012 18:19:50 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:33154) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1T3aK3-0005XT-Rg for submit@debbugs.gnu.org; Mon, 20 Aug 2012 18:19:48 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1T3aJn-0002ng-5A for submit@debbugs.gnu.org; Mon, 20 Aug 2012 18:19:32 -0400 Original-Received: from lists.gnu.org ([208.118.235.17]:49722) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T3aJn-0002nc-2B for submit@debbugs.gnu.org; Mon, 20 Aug 2012 18:19:31 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:56969) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T3aJl-0003WN-Tv for bug-guile@gnu.org; Mon, 20 Aug 2012 18:19:31 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1T3aJk-0002nE-Is for bug-guile@gnu.org; Mon, 20 Aug 2012 18:19:29 -0400 Original-Received: from plane.gmane.org ([80.91.229.3]:56323) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T3aJk-0002mn-7u for bug-guile@gnu.org; Mon, 20 Aug 2012 18:19:28 -0400 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1T3aJj-0001Vk-8t for bug-guile@gnu.org; Tue, 21 Aug 2012 00:19:27 +0200 Original-Received: from host86-182-156-79.range86-182.btcentralplus.com ([86.182.156.79]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 21 Aug 2012 00:19:27 +0200 Original-Received: from ianprice90 by host86-182-156-79.range86-182.btcentralplus.com with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 21 Aug 2012 00:19:27 +0200 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 129 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: host86-182-156-79.range86-182.btcentralplus.com User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) Cancel-Lock: sha1:NCcdE6Y5pizpDc36gIy87qbXGpc= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-guile@gnu.org List-Id: "Bug reports for GUILE, GNU's Ubiquitous Extension Language" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Original-Sender: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.bugs:6491 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Hi, There are two bugs in the current uri-encode procedure in (web uri). Firstly, if you have an octet less than 16 it only gets encoded to % HEXDIGIT instead of % HEXDIGIT HEXDIGIT. scheme@(guile−user)> (uri-encode "foo\nbar") $30 = "foo%abar" Secondly, if you have a string with no unreserved characters, nothing gets encoded. scheme@(guile−user)> (uri-encode "<>\\^") $31 = "<>\\∧" scheme@(guile−user)> (uri-encode "<>\\^a") $32 = "%3c%3e%5c%5ea" Patches attached. Cheers, -- Ian Price -- shift-reset.com "Programming is like pinball. The reward for doing it well is the opportunity to do it again" - from "The Wizardy Compiled" --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-Fix-uri-encoding-for-octets-0-15.patch Content-Description: octets 0-15 patch >From 11f56bd6a4fdf1331ea30cd68b4d77e35215b4a5 Mon Sep 17 00:00:00 2001 From: Ian Price Date: Mon, 20 Aug 2012 23:03:38 +0100 Subject: [PATCH 1/2] Fix uri-encoding for octets 0-15 * module/web/uri.scm (uri-encode): All encoded octets should be of the form % HEXDIGIT HEXDIGIT. * test-suite/tests/web-uri.test ("encode"): Add test. --- module/web/uri.scm | 2 ++ test-suite/tests/web-uri.test | 3 ++- 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/module/web/uri.scm b/module/web/uri.scm index 109118b..3816d02 100644 --- a/module/web/uri.scm +++ b/module/web/uri.scm @@ -377,6 +377,8 @@ the byte." (if (< i len) (let ((byte (bytevector-u8-ref bv i))) (display #\% port) + (when (< byte 16) + (display #\0 port)) (display (number->string byte 16) port) (lp (1+ i)))))))) str))) diff --git a/test-suite/tests/web-uri.test b/test-suite/tests/web-uri.test index 4621a19..a9ded46 100644 --- a/test-suite/tests/web-uri.test +++ b/test-suite/tests/web-uri.test @@ -258,4 +258,5 @@ (equal? "foo bar" (uri-decode "foo+bar")))) (with-test-prefix "encode" - (pass-if (equal? "foo%20bar" (uri-encode "foo bar")))) + (pass-if (equal? "foo%20bar" (uri-encode "foo bar"))) + (pass-if (equal? "foo%0a%00bar" (uri-encode "foo\n\x00bar")))) -- 1.7.7.6 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-Fix-uri-encoding-for-strings-with-no-unreserved-char.patch Content-Description: no unreserved chars patch >From ae4fa3f65c1d49822b5a284a065017673c81e65e Mon Sep 17 00:00:00 2001 From: Ian Price Date: Mon, 20 Aug 2012 23:12:23 +0100 Subject: [PATCH 2/2] Fix uri-encoding for strings with no unreserved chars * module/web/uri.scm (uri-encode): Change test to check for unreserved chars instead of reserved chars. * test-suite/tests/web-uri.test ("encode"): Add test. --- module/web/uri.scm | 4 +++- test-suite/tests/web-uri.test | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/module/web/uri.scm b/module/web/uri.scm index 3816d02..78614a5 100644 --- a/module/web/uri.scm +++ b/module/web/uri.scm @@ -364,7 +364,9 @@ Percent-encoding first writes out the given character to a bytevector within the given @var{encoding}, then encodes each byte as @code{%@var{HH}}, where @var{HH} is the hexadecimal representation of the byte." - (if (string-index str unescaped-chars) + (define (needs-escaped? ch) + (not (char-set-contains? unescaped-chars ch))) + (if (string-index str needs-escaped?) (call-with-output-string* (lambda (port) (string-for-each diff --git a/test-suite/tests/web-uri.test b/test-suite/tests/web-uri.test index a9ded46..3f6e7e3 100644 --- a/test-suite/tests/web-uri.test +++ b/test-suite/tests/web-uri.test @@ -259,4 +259,5 @@ (with-test-prefix "encode" (pass-if (equal? "foo%20bar" (uri-encode "foo bar"))) - (pass-if (equal? "foo%0a%00bar" (uri-encode "foo\n\x00bar")))) + (pass-if (equal? "foo%0a%00bar" (uri-encode "foo\n\x00bar"))) + (pass-if (equal? "%3c%3e%5c%5e" (uri-encode "<>\\^")))) -- 1.7.7.6 --=-=-=--