Actions
Bug #12363
closedURI::Generic.build allows invalid input
Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
Description
Reproduce:
require 'uri'
invalid_host = 'ex_ample.com'
invalid_userinfo = 'uuuu:pp/pp'
uri = URI::Generic.new('http', invalid_userinfo, invalid_host, 80, nil, '/', nil, nil, nil)
uri.to_s
#=> "http://uuuu:pp/pp@ex_ample.com:80/"
uri.userinfo = uri.userinfo
# raise URI::InvalidComponentError
uri.host = uri.host
# raise URI::InvalidComponentError
It should be expected that these are already encoded, so invalid characters in URI fields should not be allowed. These should be consistent with writer methods userinfo=
, host=
, etc.
Updated by avit (Andrew Vit) almost 8 years ago
- ruby -v changed from ruby 2.1.8p440 to ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
Updated by naruse (Yui NARUSE) almost 8 years ago
- Status changed from Open to Rejected
URI::Generic.new has 11th argument named arg_check even though its default is false.
irb(main):006:0> uri = URI::Generic.new('http', invalid_userinfo, invalid_host, 80, nil, '/', nil, nil, nil,nil, true)
URI::InvalidComponentError: bad component(expected user component): pp/pp
from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:430:in `check_password'
from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:380:in `check_userinfo'
from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:445:in `userinfo='
from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:188:in `initialize'
from (irb):6:in `new'
from (irb):6
from /home/naruse/.rbenv/versions/2.3.1/bin/irb:11:in `<main>'
Actions
Like0
Like0Like0