Path: (web uri) - split-and-decode-uri-path must preserve plus characters

Path: (web uri) - split-and-decode-uri-path must preserve plus characters

[Brent]

[-- Attachment #1: Type: text/plain, Size: 1364 bytes --]

Hi all,

Attached is a patch to to correct the behaviour of 
split-and-decode-uri-path in uri.scm from guile 2.0.9.

Fault
-------
The faulty behaviour is:

     (use-modules (web uri))
     (split-and-decode-uri-path "xxx/abc+def/yyy")    → ("xxx" "abc def" 
"yyy")

As can be seen, the plus has been erroneously converted to a space.

The correct behaviour is:

     (split-and-decode-uri-path "xxx/abc+def/yyy")    → ("xxx" "abc+def" 
"yyy")

Analysis
------------
The fault is actually in the uri-decode function invoked by 
split-and-decode-uri-path:
it has special logic to check for a #\+ character and convert it to a space.

The reason for this is that uri-decode is also used to decode query 
string for
application/x-www-form-urlencoded requests where spaces are encoded by 
the client
on submission to plus characters.

(see http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1)

Fix
---
The fix is to extend uri-decode with a new keyword argument #:form? that 
is defaulted
to #t. This provides backward compatibility.

split-and-decode-uri-path is modified to call uri-decode with #:form? 
set to #f.

Motivation
---------------
This patch is motivated by the need to embed ISO 8601 timestamps with 
time zones
into URLs:

eg. GET http:/foo.org/aaa/bbb/20140717T072233+0200/xxx/yyy


Please consider this for inclusion.


Thanks,

Brent


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: fix-web-uri-decode-plus-to-space.patch --]
[-- Type: text/x-patch; name="fix-web-uri-decode-plus-to-space.patch", Size: 1267 bytes --]

--- guile-2.0.9/module/web/uri.scm.orig	2013-03-18 23:30:13.000000000 +0200
+++ guile-2.0.9/module/web/uri.scm	2014-07-15 16:08:47.677521012 +0200
@@ -304,7 +304,7 @@
 (define hex-chars
   (string->char-set "0123456789abcdefABCDEF"))
 
-(define* (uri-decode str #:key (encoding "utf-8"))
+(define* (uri-decode str #:key (encoding "utf-8") (form? #t))
   "Percent-decode the given STR, according to ENCODING,
 which should be the name of a character encoding.
 
@@ -330,7 +330,7 @@
                (if (< i len)
                    (let ((ch (string-ref str i)))
                      (cond
-                      ((eqv? ch #\+)
+                      ((and (eqv? ch #\+) form?)
                        (put-u8 port (char->integer #\space))
                        (lp (1+ i)))
                       ((and (< (+ i 2) len) (eqv? ch #\%)
@@ -412,7 +412,8 @@
 For example, ‘\"/foo/bar%20baz/\"’ decodes to the two-element list,
 ‘(\"foo\" \"bar baz\")’."
   (filter (lambda (x) (not (string-null? x)))
-          (map uri-decode (string-split path #\/))))
+          (map (lambda (s) (uri-decode s #:form? #f))
+               (string-split path #\/))))
 
 (define (encode-and-join-uri-path parts)
   "URI-encode each element of PARTS, which should be a list of

Re: Path: (web uri) - split-and-decode-uri-path must preserve plus characters

[Andy Wingo]

Applied, in a slightly reworked form.  This will be in 2.1.4.  Only took
two years :/

Thanks for the patch!

Andy

On Thu 17 Jul 2014 07:24, Brent <brent@tomski.co.za> writes:

> Hi all,
>
> Attached is a patch to to correct the behaviour of
> split-and-decode-uri-path in uri.scm from guile 2.0.9.
>
> Fault
> -------
> The faulty behaviour is:
>
>     (use-modules (web uri))
>     (split-and-decode-uri-path "xxx/abc+def/yyy")    → ("xxx" "abc
> def" "yyy")
>
> As can be seen, the plus has been erroneously converted to a space.
>
> The correct behaviour is:
>
>     (split-and-decode-uri-path "xxx/abc+def/yyy")    → ("xxx"
> "abc+def" "yyy")
>
> Analysis
> ------------
> The fault is actually in the uri-decode function invoked by
> split-and-decode-uri-path:
> it has special logic to check for a #\+ character and convert it to a space.
>
> The reason for this is that uri-decode is also used to decode query
> string for
> application/x-www-form-urlencoded requests where spaces are encoded by
> the client
> on submission to plus characters.
>
> (see http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1)
>
> Fix
> ---
> The fix is to extend uri-decode with a new keyword argument #:form?
> that is defaulted
> to #t. This provides backward compatibility.
>
> split-and-decode-uri-path is modified to call uri-decode with #:form?
> set to #f.
>
> Motivation
> ---------------
> This patch is motivated by the need to embed ISO 8601 timestamps with
> time zones
> into URLs:
>
> eg. GET http:/foo.org/aaa/bbb/20140717T072233+0200/xxx/yyy
>
>
> Please consider this for inclusion.
>
>
> Thanks,
>
> Brent
>
>
> --- guile-2.0.9/module/web/uri.scm.orig	2013-03-18 23:30:13.000000000 +0200
> +++ guile-2.0.9/module/web/uri.scm	2014-07-15 16:08:47.677521012 +0200
> @@ -304,7 +304,7 @@
>  (define hex-chars
>    (string->char-set "0123456789abcdefABCDEF"))
>  
> -(define* (uri-decode str #:key (encoding "utf-8"))
> +(define* (uri-decode str #:key (encoding "utf-8") (form? #t))
>    "Percent-decode the given STR, according to ENCODING,
>  which should be the name of a character encoding.
>  
> @@ -330,7 +330,7 @@
>                 (if (< i len)
>                     (let ((ch (string-ref str i)))
>                       (cond
> -                      ((eqv? ch #\+)
> +                      ((and (eqv? ch #\+) form?)
>                         (put-u8 port (char->integer #\space))
>                         (lp (1+ i)))
>                        ((and (< (+ i 2) len) (eqv? ch #\%)
> @@ -412,7 +412,8 @@
>  For example, €˜\"/foo/bar%20baz/\"€™ decodes to the two-element list,
>  €˜(\"foo\" \"bar baz\")€™."
>    (filter (lambda (x) (not (string-null? x)))
> -          (map uri-decode (string-split path #\/))))
> +          (map (lambda (s) (uri-decode s #:form? #f))
> +               (string-split path #\/))))
>  
>  (define (encode-and-join-uri-path parts)
>    "URI-encode each element of PARTS, which should be a list of