Backport #5843

closed

URI::HTTP and Net::HTTP do not escape \n characters in the query-string

Added by postmodern (Hal Brodigan) about 12 years ago. Updated over 11 years ago.

Status:
Closed
[ruby-core:<unknown>]

Description

When building new URI::HTTP objects, \n characters in the query-string are not escaped. An unescaped \n character will cause two lines to be sent to an HTTP Server when passed to Net::HTTP.get, which causes parsing errors.

require 'uri/http'
require 'net/http'

uri = URI::HTTP.build(:host => 'www.example.com', :path => '/', :query => "hello\nworld")
Net::HTTP.get(uri)

00000000  47 45 54 20 2f 3f 68 65  6c 6c 6f 0a 77 6f 72 6c GET /?he llo.worl
00000010  64 20 48 54 54 50 2f 31  2e 31 0d 0a 41 63 63 65 d HTTP/1 .1..Acce
00000020  70 74 3a 20 2a 2f 2a 0d  0a 55 73 65 72 2d 41 67 pt: */*. .User-Ag
00000030  65 6e 74 3a 20 52 75 62  79 0d 0a 48 6f 73 74 3a ent: Rub y..Host:
00000040  20 77 77 77 2e 65 78 61  6d 70 6c 65 2e 63 6f 6d  www.exa mple.com
00000050  0d 0a 0d 0a                                      ....
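
Added example, not part of the original report or of Ruby's own code: one way for calling code to keep a raw `\n` out of the request line, by percent-encoding the query value and rejecting any request-target that still contains a control character. The names `escape_query`, `request_line`, `FORBIDDEN` and `UnsafeRequestTarget` are hypothetical; only `URI.encode_www_form_component` is a standard-library call.

```ruby
require 'uri'

# Hypothetical error type for this example.
class UnsafeRequestTarget < StandardError; end

# Control characters (CR and LF included) and whitespace must never appear
# raw in the request-target, because they end or split the request line.
FORBIDDEN = /[[:cntrl:][:space:]]/

# Percent-encode one raw query value; "\n" becomes "%0A".
def escape_query(raw)
  URI.encode_www_form_component(raw)
end

# Build the first line of a GET request, refusing any target that would
# put a raw control character or space on the wire.
def request_line(path, query = nil)
  target = query ? "#{path}?#{query}" : path
  if (m = FORBIDDEN.match(target))
    raise UnsafeRequestTarget,
          format('raw byte 0x%02X at offset %d', m[0].ord, m.begin(0))
  end
  "GET #{target} HTTP/1.1\r\n"
end

# Constructed input: the query string from the report, raw and escaped.
raw = "hello\nworld"
[raw, escape_query(raw)].each do |query|
  begin
    puts "accepted: #{request_line('/', query).inspect}"
  rescue UnsafeRequestTarget => e
    puts "rejected: #{query.inspect} (#{e.message})"
  end
end
```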