Backport #5843
closed
URI::HTTP and Net::HTTP do not escape \n characters in the query-string
Description
When building new URI::HTTP objects, \n characters in the query-string are not escaped. An unescaped \n character will cause two lines to be sent to an HTTP Server when passed to Net::HTTP.get, which causes parsing errors.
require 'uri/http'
require 'net/http'
uri = URI::HTTP.build(:host => 'www.example.com', :path => '/', :query => "hello\nworld")
Net::HTTP.get(uri)
00000000 47 45 54 20 2f 3f 68 65 6c 6c 6f 0a 77 6f 72 6c GET /?he llo.worl
00000010 64 20 48 54 54 50 2f 31 2e 31 0d 0a 41 63 63 65 d HTTP/1 .1..Acce
00000020 70 74 3a 20 2a 2f 2a 0d 0a 55 73 65 72 2d 41 67 pt: */*. .User-Ag
00000030 65 6e 74 3a 20 52 75 62 79 0d 0a 48 6f 73 74 3a ent: Rub y..Host:
00000040 20 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d www.exa mple.com
00000050 0d 0a 0d 0a ....
Updated by naruse (Yui NARUSE) almost 13 years ago
Arguments given to URI.build must be escaped.
You must escape \n by yourself.
Anyway, it is a bug; URI.build must raise URI::InvalidComponentError.
I'll fix it.
Updated by naruse (Yui NARUSE) almost 13 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r34214.
Hal, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- lib/uri/common.rb (URI::Parser#initialize_regexp):
use \A \z instead of ^ $. [Bug #5843]
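The anchor change named in the changeset, as an added example that is not part of the original thread or of Ruby's source: `^`/`$` match at line boundaries, so a validator built on them accepts a value with an embedded newline, while `\A`/`\z` match only at the ends of the string. `QUERY_CHARS` is a simplified stand-in for the real pattern in lib/uri/common.rb, and the helper names are hypothetical.

```ruby
# Simplified query-component character class (assumption: not the actual
# expression used by URI::Parser#initialize_regexp).
QUERY_CHARS = '[A-Za-z0-9\-._~!$&()*+,;=:@/?%]*'

# Before the fix: ^ and $ anchor to any line inside the string.
LINE_ANCHORED = /^#{QUERY_CHARS}$/

# After the fix: \A and \z anchor to the start and end of the whole string.
STRING_ANCHORED = /\A#{QUERY_CHARS}\z/

# True when the pattern accepts the query component.
def valid_query?(query, pattern)
  pattern.match?(query)
end

# Validate the way a builder should: reject instead of passing bad input on.
def check_query!(query)
  unless valid_query?(query, STRING_ANCHORED)
    raise ArgumentError, "bad query component: #{query.inspect}"
  end
  query
end

# The request line as it would be written to the socket (no network I/O here).
def request_line(query)
  "GET /?#{query} HTTP/1.1"
end

if __FILE__ == $PROGRAM_NAME
  samples = ["hello\nworld", "hello%0Aworld", "a=1&b=2"] # constructed inputs
  samples.each do |q|
    puts format("%-16s line-anchored=%-5s string-anchored=%-5s request lines=%d",
                q.inspect,
                valid_query?(q, LINE_ANCHORED),
                valid_query?(q, STRING_ANCHORED),
                request_line(q).lines.length)
  end
end
```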
Updated by postmodern (Hal Brodigan) almost 13 years ago
Thanks for resolving this! Any idea when this fix will be shipped? 1.9.3-p125 still has this bug.
Updated by naruse (Yui NARUSE) almost 13 years ago
- Tracker changed from Bug to Backport
- Project changed from Ruby master to Backport193
- Category deleted (lib)
Updated by postmodern (Hal Brodigan) over 12 years ago
Should this also be prevented in Net::HTTP with a simple URI.escape(path_query,"\n") ?
Updated by naruse (Yui NARUSE) over 12 years ago
postmodern (Hal Brodigan) wrote:
Should this also be prevented in Net::HTTP with a simple URI.escape(path_query,"\n") ?
what?