Merge pull request #238 from hleuwer/master

Fix URL parsing of userinfo containing # character.
This commit is contained in:
Diego Nehab 2017-11-23 13:28:25 -02:00 committed by GitHub
commit 88b13a825b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 77 additions and 8 deletions

View File

@ -131,11 +131,6 @@ function _M.parse(url, default)
if not url or url == "" then return nil, "invalid url" end if not url or url == "" then return nil, "invalid url" end
-- remove whitespace -- remove whitespace
-- url = string.gsub(url, "%s", "") -- url = string.gsub(url, "%s", "")
-- get fragment
url = string.gsub(url, "#(.*)$", function(f)
parsed.fragment = f
return ""
end)
-- get scheme -- get scheme
url = string.gsub(url, "^([%w][%w%+%-%.]*)%:", url = string.gsub(url, "^([%w][%w%+%-%.]*)%:",
function(s) parsed.scheme = s; return "" end) function(s) parsed.scheme = s; return "" end)
@ -144,6 +139,11 @@ function _M.parse(url, default)
parsed.authority = n parsed.authority = n
return "" return ""
end) end)
-- get fragment
url = string.gsub(url, "#(.*)$", function(f)
parsed.fragment = f
return ""
end)
-- get query string -- get query string
url = string.gsub(url, "%?(.*)", function(q) url = string.gsub(url, "%?(.*)", function(q)
parsed.query = q parsed.query = q

View File

@ -90,6 +90,75 @@ local check_parse_url = function(gaba)
end end
print("testing URL parsing") print("testing URL parsing")
check_parse_url{
url = "scheme://user:pass$%?#wd@host:port/path;params?query#fragment",
scheme = "scheme",
authority = "user:pass$%?#wd@host:port",
host = "host",
port = "port",
userinfo = "user:pass$%?#wd",
password = "pass$%?#wd",
user = "user",
path = "/path",
params = "params",
query = "query",
fragment = "fragment"
}
check_parse_url{
url = "scheme://user:pass?#wd@host:port/path;params?query#fragment",
scheme = "scheme",
authority = "user:pass?#wd@host:port",
host = "host",
port = "port",
userinfo = "user:pass?#wd",
password = "pass?#wd",
user = "user",
path = "/path",
params = "params",
query = "query",
fragment = "fragment"
}
check_parse_url{
url = "scheme://user:pass-wd@host:port/path;params?query#fragment",
scheme = "scheme",
authority = "user:pass-wd@host:port",
host = "host",
port = "port",
userinfo = "user:pass-wd",
password = "pass-wd",
user = "user",
path = "/path",
params = "params",
query = "query",
fragment = "fragment"
}
check_parse_url{
url = "scheme://user:pass#wd@host:port/path;params?query#fragment",
scheme = "scheme",
authority = "user:pass#wd@host:port",
host = "host",
port = "port",
userinfo = "user:pass#wd",
password = "pass#wd",
user = "user",
path = "/path",
params = "params",
query = "query",
fragment = "fragment"
}
check_parse_url{
url = "scheme://user:pass#wd@host:port/path;params?query",
scheme = "scheme",
authority = "user:pass#wd@host:port",
host = "host",
port = "port",
userinfo = "user:pass#wd",
password = "pass#wd",
user = "user",
path = "/path",
params = "params",
query = "query",
}
check_parse_url{ check_parse_url{
url = "scheme://userinfo@host:port/path;params?query#fragment", url = "scheme://userinfo@host:port/path;params?query#fragment",
scheme = "scheme", scheme = "scheme",
@ -608,9 +677,9 @@ check_parse_path("eu/tu", { "eu", "tu" })
print("testing path protection") print("testing path protection")
check_protect({ "eu", "-_.!~*'():@&=+$,", "tu" }, "eu/-_.!~*'():@&=+$,/tu") check_protect({ "eu", "-_.!~*'():@&=+$,", "tu" }, "eu/-_.!~*'():@&=+$,/tu")
check_protect({ "eu ", "~diego" }, "eu%20/~diego") check_protect({ "eu ", "~diego" }, "eu%20/~diego")
check_protect({ "/eu>", "<diego?" }, "%2feu%3e/%3cdiego%3f") check_protect({ "/eu>", "<diego?" }, "%2Feu%3E/%3Cdiego%3F")
check_protect({ "\\eu]", "[diego`" }, "%5ceu%5d/%5bdiego%60") check_protect({ "\\eu]", "[diego`" }, "%5Ceu%5D/%5Bdiego%60")
check_protect({ "{eu}", "|diego\127" }, "%7beu%7d/%7cdiego%7f") check_protect({ "{eu}", "|diego\127" }, "%7Beu%7D/%7Cdiego%7F")
check_protect({ "eu ", "~diego" }, "eu /~diego", 1) check_protect({ "eu ", "~diego" }, "eu /~diego", 1)
check_protect({ "/eu>", "<diego?" }, "/eu>/<diego?", 1) check_protect({ "/eu>", "<diego?" }, "/eu>/<diego?", 1)
check_protect({ "\\eu]", "[diego`" }, "\\eu]/[diego`", 1) check_protect({ "\\eu]", "[diego`" }, "\\eu]/[diego`", 1)