Navigation

← Previous Changeset
Next Changeset →

Changeset 996

Timestamp:

03/27/08 16:46:28 (5 months ago)

Author:

normalperson

Message:

http11_parser: accept '"' (double-quote), '<', and '>' characters in URLs

Some broken web browsers don't properly escape ", <, and > characters
in URLs, however these URLs to occasionally legitimate and sometimes
show up.

This patch was submitted by Eden Li here:

http://rubyforge.org/pipermail/mongrel-users/2006-October/001845.html

This patch was accepted by Zed Shaw here:

http://rubyforge.org/pipermail/mongrel-users/2006-October/001847.html

Files:

trunk/ext/http11/http11_parser.c (modified) (12 diffs)
trunk/ext/http11/http11_parser_common.rl (modified) (1 diff)
trunk/test/test_http11.rb (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/ext/http11/http11_parser.c

r990	r996
485	485	switch( (*p) ) {
486	486	case 32: goto tr30;
	487	case 35: goto st0;
487	488	case 37: goto tr31;
488		~~case 60: goto st0;~~
489		~~case 62: goto st0;~~
490	489	case 127: goto st0;
491	490	}
492		if ( (*p) > 31 ) {
493		if ( 34 <= (p) && (p) <= 35 )
494		goto st0;
495		} else if ( (*p) >= 0 )
	491	if ( 0 <= (p) && (p) <= 31 )
496	492	goto st0;
497	493	goto tr29;
…	…
504	500	goto _out21;
505	501	case 21:
506		#line 507 "http11_parser.c"
	502	#line 503 "http11_parser.c"
507	503	switch( (*p) ) {
508	504	case 32: goto tr30;
	505	case 35: goto st0;
509	506	case 37: goto st22;
510		~~case 60: goto st0;~~
511		~~case 62: goto st0;~~
512	507	case 127: goto st0;
513	508	}
514		if ( (*p) > 31 ) {
515		if ( 34 <= (p) && (p) <= 35 )
516		goto st0;
517		} else if ( (*p) >= 0 )
	509	if ( 0 <= (p) && (p) <= 31 )
518	510	goto st0;
519	511	goto st21;
…	…
526	518	goto _out22;
527	519	case 22:
528		#line 529 "http11_parser.c"
	520	#line 521 "http11_parser.c"
529	521	if ( (*p) < 65 ) {
530	522	if ( 48 <= (p) && (p) <= 57 )
…	…
557	549	goto _out24;
558	550	case 24:
559		#line 560 "http11_parser.c"
	551	#line 552 "http11_parser.c"
560	552	switch( (*p) ) {
561	553	case 43: goto st24;
…	…
582	574	goto _out25;
583	575	case 25:
584		#line 585 "http11_parser.c"
	576	#line 577 "http11_parser.c"
585	577	switch( (*p) ) {
586	578	case 32: goto tr8;
587		~~case 34: goto st0;~~
588	579	case 35: goto tr9;
589	580	case 37: goto st26;
590		~~case 60: goto st0;~~
591		~~case 62: goto st0;~~
592	581	case 127: goto st0;
593	582	}
…	…
629	618	goto _out28;
630	619	case 28:
631		#line 632 "http11_parser.c"
	620	#line 621 "http11_parser.c"
632	621	switch( (*p) ) {
633	622	case 32: goto tr40;
634		~~case 34: goto st0;~~
635	623	case 35: goto tr41;
636	624	case 37: goto st29;
637	625	case 59: goto tr43;
638		~~case 60: goto st0;~~
639		~~case 62: goto st0;~~
640	626	case 63: goto tr44;
641	627	case 127: goto st0;
…	…
681	667	goto _out31;
682	668	case 31:
683		#line 684 "http11_parser.c"
	669	#line 670 "http11_parser.c"
684	670	switch( (*p) ) {
685	671	case 32: goto tr8;
686		~~case 34: goto st0;~~
687	672	case 35: goto tr9;
688	673	case 37: goto st32;
689		~~case 60: goto st0;~~
690		~~case 62: goto st0;~~
691	674	case 63: goto st34;
692	675	case 127: goto st0;
…	…
732	715	goto _out34;
733	716	case 34:
734		#line 735 "http11_parser.c"
	717	#line 718 "http11_parser.c"
735	718	switch( (*p) ) {
736	719	case 32: goto tr51;
737		~~case 34: goto st0;~~
738	720	case 35: goto tr52;
739	721	case 37: goto tr53;
740		~~case 60: goto st0;~~
741		~~case 62: goto st0;~~
742	722	case 127: goto st0;
743	723	}
…	…
753	733	goto _out35;
754	734	case 35:
755		#line 756 "http11_parser.c"
	735	#line 736 "http11_parser.c"
756	736	switch( (*p) ) {
757	737	case 32: goto tr55;
758		~~case 34: goto st0;~~
759	738	case 35: goto tr56;
760	739	case 37: goto st36;
761		~~case 60: goto st0;~~
762		~~case 62: goto st0;~~
763	740	case 127: goto st0;
764	741	}
…	…
774	751	goto _out36;
775	752	case 36:
776		#line 777 "http11_parser.c"
	753	#line 754 "http11_parser.c"
777	754	if ( (*p) < 65 ) {
778	755	if ( 48 <= (p) && (p) <= 57 )
…	…
1204	1181	/* final \r\n combo encountered so stop right here */
1205	1182
1206		#line 1~~207~~ "http11_parser.c"
	1183	#line 1184 "http11_parser.c"
1207	1184	#line 136 "http11_parser.rl"
1208	1185	parser->nread++;
…	…
1217	1194
1218	1195
1219		#line 1~~220~~ "http11_parser.c"
	1196	#line 1197 "http11_parser.c"
1220	1197	#line 147 "http11_parser.rl"
1221	1198

trunk/ext/http11/http11_parser_common.rl

r990	r996
12	12	extra = ("!" \| "*" \| "'" \| "(" \| ")" \| ",");
13	13	reserved = (";" \| "/" \| "?" \| ":" \| "@" \| "&" \| "=" \| "+");
14		unsafe = (CTL \| " " \| "\"" \| "#" \| "%" \| "<" \| ">");
	14	sorta_safe = ("\"" \| "<" \| ">");
	15	unsafe = (CTL \| " " \| "#" \| "%" \| sorta_safe);
15	16	national = any -- (alpha \| digit \| reserved \| extra \| safe \| unsafe);
16	17	unreserved = (alpha \| digit \| safe \| extra \| national);
17	18	escape = ("%" xdigit xdigit);
18		uchar = (unreserved \| escape);
	19	uchar = (unreserved \| escape \| sorta_safe);
19	20	pchar = (uchar \| ":" \| "@" \| "&" \| "=" \| "+");
20	21	tspecials = ("(" \| ")" \| "<" \| ">" \| "@" \| "," \| ";" \| ":" \| "\\" \| "\"" \| "/" \| "[" \| "]" \| "?" \| "=" \| "{" \| "}" \| " " \| "\t");

trunk/test/test_http11.rb

r993	r996
53	53	#assert !parser.error?
54	54	end
	55
	56	def test_parse_ie6_urls
	57	%w(/some/random/path"
	58	/some/random/path>
	59	/some/random/path<
	60	/we/love/you/ie6?q=<"">
	61	/url?<="&>="
	62	/mal"formed"?
	63	).each do \|path\|
	64	parser = HttpParser.new
	65	req = {}
	66	sorta_safe = %(GET #{path} HTTP/1.1\r\n\r\n)
	67	nread = parser.execute(req, sorta_safe, 0)
	68	assert_equal sorta_safe.length, nread
	69	assert parser.finished?
	70	assert !parser.error?
	71	end
	72	end
55	73
56	74	def test_parse_error