From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Vivien Kraus Newsgroups: gmane.lisp.guile.devel Subject: [PATCH v2 3/4] Check that key/value parameters in HTTP headers are quoted in needed. Date: Sat, 28 Oct 2023 12:20:43 +0200 Message-ID: <70bcb06db314885054ab7822f9ca9b675617756c.1698489733.git.vivien@planete-kraus.eu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="7415"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Evolution 3.46.4 To: guile-devel@gnu.org Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Sat Oct 28 12:46:15 2023 Return-path: Envelope-to: guile-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qwgpb-0001me-23 for guile-devel@m.gmane-mx.org; Sat, 28 Oct 2023 12:46:15 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qwgp2-0006Ul-Hv; Sat, 28 Oct 2023 06:45:40 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qwgp1-0006UV-8I for guile-devel@gnu.org; Sat, 28 Oct 2023 06:45:39 -0400 Original-Received: from planete-kraus.eu ([89.234.140.182]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1qwgoz-0005lH-G5 for guile-devel@gnu.org; Sat, 28 Oct 2023 06:45:39 -0400 Original-Received: from planete-kraus.eu (localhost.lan [127.0.0.1]) by planete-kraus.eu (OpenSMTPD) with ESMTP id dc4b01f0 for ; Sat, 28 Oct 2023 10:45:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=planete-kraus.eu; h= message-id:in-reply-to:references:from:date:subject:mime-version :content-type:content-transfer-encoding:to; s=albinoniB; bh=ghDC MlMXM8GvOtFsBWq4h6cuNog=; b=bKPIL0Nh/4sE+xaKP4iXv8ep4VH4olKHaKr4 R2Gyn44eyQv0JJNNQRMKQY59kwLidNJ12KgjGfB9gznyUbRSYvOfaZPn3o8DFuHc uUGFKXpUJekjZYTjJnWsesVONH+T7j1IRQKxAxcsk7w6atXoZYxsMC8r9BoNiA7A nTkp3g1hCVf/zguu6mffknuhb74nixIacCDim1H5mlPLC26QJIKiWrcp/brWuv/P A8XismNlTgLC5cwstnBurQhI8XG9/4lJ9pSC/yCMGjwwIPQV5nzS3GOuYTPxljCS 5FUeiSM0YVSXkCQUwGFrD9ZqGrqpe08Vs88+XE69JWXdBRUefQ== Original-Received: by planete-kraus.eu (OpenSMTPD) with ESMTPSA id 381976f1 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO) for ; Sat, 28 Oct 2023 10:45:35 +0000 (UTC) In-Reply-To: Received-SPF: pass client-ip=89.234.140.182; envelope-from=vivien@planete-kraus.eu; helo=planete-kraus.eu X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Original-Sender: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.lisp.guile.devel:22050 Archived-At: If the value has a space, it should be quoted. In headers with a simple list of strings, the parser would not stop for space, but “key=value and value;” parameters must be quoted, otherwise the parser will expect “and” to be a new token. * test-suite/tests/web-http.test ("general headers"): Test it on Content-Disposition. [Cache-Control test]: Adjust for round-trip. --- module/web/http.scm | 3 ++- test-suite/tests/web-http.test | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/module/web/http.scm b/module/web/http.scm index b34159aab..195265dfd 100644 --- a/module/web/http.scm +++ b/module/web/http.scm @@ -498,7 +498,8 @@ as an ordered alist." (define (default-val-writer k val port) (if (or (string-index val #\;) (string-index val #\,) - (string-index val #\")) + (string-index val #\") + (string-index val #\space)) (write-qstring val port) (put-string port val))) diff --git a/test-suite/tests/web-http.test b/test-suite/tests/web-http.test index 06dd9479c..b73d72ced 100644 --- a/test-suite/tests/web-http.test +++ b/test-suite/tests/web-http.test @@ -242,7 +242,7 @@ (pass-if-parse cache-control "max-stale=10" '((max-stale . 10))) (pass-if-round-trip "Cache-Control: acme-cache-extension\r\n") (pass-if-round-trip "Cache-Control: acme-cache-extension=20\r\n") - (pass-if-round-trip "Cache-Control: acme-cache-extension=100 quux\r\n") + (pass-if-round-trip "Cache-Control: acme-cache-extension=\"100 quux\"\r\n") (pass-if-round-trip "Cache-Control: acme-cache-extension=\"100, quux\"\r\n") (pass-if-parse connection "close" '(close)) @@ -295,6 +295,8 @@ (pass-if-parse allow "foo, bar" '(foo bar)) (pass-if-parse content-disposition "form-data; name=\"file\"; filename=\"q.go\"" '(form-data (name . "file") (filename . "q.go"))) + (pass-if-parse content-disposition "form-data; name=\"file with space\"; filename=\"q.go\"" + '(form-data (name . "file with space") (filename . "q.go"))) (pass-if-parse content-encoding "qux, baz" '(qux baz)) (pass-if-parse content-language "qux, baz" '("qux" "baz")) (pass-if-parse content-length "100" 100) -- 2.41.0