summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Adam Chlipala <adamc@hcoop.net>2010-05-18 14:47:56 -0400
committerGravatar Adam Chlipala <adamc@hcoop.net>2010-05-18 14:47:56 -0400
commit25792a154d53d515917c41256610a03a0a9de5f9 (patch)
tree3e8963a10acbb1574ae8f981a1fe663684ab82f2
parente5c543adfe4a27b347ce2e78a94727f1e50c8f43 (diff)
URL-escape with '.' instead of '%', to avoid confusing proxies
-rw-r--r--CHANGELOG7
-rw-r--r--lib/js/urweb.js12
-rw-r--r--src/c/urweb.c18
-rw-r--r--src/mono_opt.sml4
-rw-r--r--tests/name.ur1
-rw-r--r--tests/name.urp1
-rw-r--r--tests/name.urs1
7 files changed, 35 insertions, 9 deletions
diff --git a/CHANGELOG b/CHANGELOG
index abc34ba9..bad97037 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,11 @@
========
+Next
+========
+
+- Changed URL escaping convention, to avoid confusing proxies.
+ The new convention is like the normal one, but with '.' instead of '%'.
+
+========
20100506
========
diff --git a/lib/js/urweb.js b/lib/js/urweb.js
index 697f197f..68beb76c 100644
--- a/lib/js/urweb.js
+++ b/lib/js/urweb.js
@@ -592,15 +592,19 @@ function pflo(s) {
function uf(s) {
if (s.length == 0)
return "_";
- return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s);
+ s = s.replace(new RegExp ("\\.", "g"), ".2E");
+ return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s).replace(new RegExp ("%", "g"), ".");
}
function uu(s) {
if (s.length > 0 && s.charAt(0) == '_') {
s = s.substring(1);
- } else if (s.length >= 3 && s.charAt(0) == '%' && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F'))
- s = s.substring(3);
- return decodeURIComponent(s.replace(new RegExp ("\\+", "g"), " "));
+ } else if (s.length >= 3 && (s.charAt(0) == '%' || s.charAt(0) == '.')
+ && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F'))
+ s = s.substring(3);
+ s = s.replace(new RegExp ("\\+", "g"), " ");
+ s = s.replace(new RegExp ("\\.", "g"), "%");
+ return decodeURIComponent(s);
}
function atr(s) {
diff --git a/src/c/urweb.c b/src/c/urweb.c
index 6815c85b..141aa06b 100644
--- a/src/c/urweb.c
+++ b/src/c/urweb.c
@@ -1687,7 +1687,7 @@ char *uw_Basis_urlifyString(uw_context ctx, uw_Basis_string s) {
else if (isalnum(c))
*p++ = c;
else {
- sprintf(p, "%%%02X", c);
+ sprintf(p, ".%02X", c);
p += 3;
}
}
@@ -1764,7 +1764,7 @@ uw_unit uw_Basis_urlifyString_w(uw_context ctx, uw_Basis_string s) {
else if (isalnum(c))
uw_writec_unsafe(ctx, c);
else {
- sprintf(ctx->page.front, "%%%02X", c);
+ sprintf(ctx->page.front, ".%02X", c);
ctx->page.front += 3;
}
}
@@ -1822,7 +1822,7 @@ static uw_Basis_string uw_unurlifyString_to(int fromClient, uw_context ctx, char
if (!fromClient) {
if (*s2 == '_')
++s2;
- else if (s2[0] == '%' && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F'))
+ else if ((s2[0] == '%' || s2[0] == '.') && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F'))
s2 += 3;
}
@@ -1843,6 +1843,18 @@ static uw_Basis_string uw_unurlifyString_to(int fromClient, uw_context ctx, char
*s1 = n;
s2 += 2;
break;
+ case '.':
+ if (!fromClient) {
+ if (s2[1] == 0)
+ uw_error(ctx, FATAL, "Missing first character of escaped URL byte");
+ if (s2[2] == 0)
+ uw_error(ctx, FATAL, "Missing second character of escaped URL byte");
+ if (sscanf(s2+1, "%02X", &n) != 1)
+ uw_error(ctx, FATAL, "Invalid escaped URL byte starting at: %s", s2);
+ *s1 = n;
+ s2 += 2;
+ break;
+ }
default:
*s1 = c;
}
diff --git a/src/mono_opt.sml b/src/mono_opt.sml
index fb6ff264..cf1b1cfe 100644
--- a/src/mono_opt.sml
+++ b/src/mono_opt.sml
@@ -1,4 +1,4 @@
-(* Copyright (c) 2008, Adam Chlipala
+(* Copyright (c) 2008-2010, Adam Chlipala
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -86,7 +86,7 @@ fun urlifyString s =
| ch => if Char.isAlphaNum ch then
str ch
else
- "%" ^ hexIt ch) s
+ "." ^ hexIt ch) s
fun sqlifyInt n = #p_cast (Settings.currentDbms ()) (attrifyInt n, Settings.Int)
diff --git a/tests/name.ur b/tests/name.ur
new file mode 100644
index 00000000..49e02c2d
--- /dev/null
+++ b/tests/name.ur
@@ -0,0 +1 @@
+fun hello name = return <xml>{[name]}</xml>
diff --git a/tests/name.urp b/tests/name.urp
new file mode 100644
index 00000000..f121bdbf
--- /dev/null
+++ b/tests/name.urp
@@ -0,0 +1 @@
+name
diff --git a/tests/name.urs b/tests/name.urs
new file mode 100644
index 00000000..9ef36261
--- /dev/null
+++ b/tests/name.urs
@@ -0,0 +1 @@
+val hello : string -> transaction page