Bug #8330
closed
WEBrick::HTTPUtils::parse_query replaces plus (+) with space
Description
According to RFC1738, the plus character (+) is a reserved character and may be used unencoded within a URL. Webrick however replaces plus signs with spaces, which violates the spec and causes a loss of information. An encoded plus character (%2B) is correctly decoded by Webrick.
This bug affects Ruby 1.8, 1.9 and 2.0.
$ irb
irb(main):001:0> require "webrick"
=> true
irb(main):002:0> WEBrick::HTTPUtils::parse_query("a+b c")
=> {"a b c"=>""}
irb(main):003:0> WEBrick::HTTPUtils::parse_query("a%2Bb%20c")
=> {"a+b c"=>""}
irb(main):004:0> ^D
Updated by ayumin (Ayumu AIZAWA) almost 11 years ago
I am not sure about RFC, but attached patch could fix this issue.
I want to get feedback from an expert about this.
https://github.com/ayumin/ruby/commit/179602196f25d1fd7350cfd88a44f0a5c49be3aa
Updated by ayumin (Ayumu AIZAWA) almost 11 years ago
- Category set to lib
- Assignee set to ayumin (Ayumu AIZAWA)
Updated by naruse (Yui NARUSE) almost 11 years ago
- Status changed from Open to Rejected
WEBrick::HTTPUtils::parse_query decodes application/x-www-form-urlencoded; it's encodes " " as "+".
see also http://url.spec.whatwg.org/#application/x-www-form-urlencoded