From 25792a154d53d515917c41256610a03a0a9de5f9 Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Tue, 18 May 2010 14:47:56 -0400 Subject: URL-escape with '.' instead of '%', to avoid confusing proxies --- CHANGELOG | 7 +++++++ lib/js/urweb.js | 12 ++++++++---- src/c/urweb.c | 18 +++++++++++++++--- src/mono_opt.sml | 4 ++-- tests/name.ur | 1 + tests/name.urp | 1 + tests/name.urs | 1 + 7 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 tests/name.ur create mode 100644 tests/name.urp create mode 100644 tests/name.urs diff --git a/CHANGELOG b/CHANGELOG index abc34ba9..bad97037 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +======== +Next +======== + +- Changed URL escaping convention, to avoid confusing proxies. + The new convention is like the normal one, but with '.' instead of '%'. + ======== 20100506 ======== diff --git a/lib/js/urweb.js b/lib/js/urweb.js index 697f197f..68beb76c 100644 --- a/lib/js/urweb.js +++ b/lib/js/urweb.js @@ -592,15 +592,19 @@ function pflo(s) { function uf(s) { if (s.length == 0) return "_"; - return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s); + s = s.replace(new RegExp ("\\.", "g"), ".2E"); + return (s.charAt(0) == '_' ? "_" : "") + encodeURIComponent(s).replace(new RegExp ("%", "g"), "."); } function uu(s) { if (s.length > 0 && s.charAt(0) == '_') { s = s.substring(1); - } else if (s.length >= 3 && s.charAt(0) == '%' && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F')) - s = s.substring(3); - return decodeURIComponent(s.replace(new RegExp ("\\+", "g"), " ")); + } else if (s.length >= 3 && (s.charAt(0) == '%' || s.charAt(0) == '.') + && s.charAt(1) == '5' && (s.charAt(2) == 'f' || s.charAt(2) == 'F')) + s = s.substring(3); + s = s.replace(new RegExp ("\\+", "g"), " "); + s = s.replace(new RegExp ("\\.", "g"), "%"); + return decodeURIComponent(s); } function atr(s) { diff --git a/src/c/urweb.c b/src/c/urweb.c index 6815c85b..141aa06b 100644 --- a/src/c/urweb.c +++ b/src/c/urweb.c 
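Review bot: In `uu`, the added `s.replace(new RegExp ("\\.", "g"), "%")` treats every '.' as an escape introducer, so a '.' that is not followed by two hex digits makes `decodeURIComponent` throw a URIError that this function does not catch. Strings encoded by the previous `uf` can contain such a bare '.', because `encodeURIComponent` never escapes it, and the decoder still accepts '%' escapes, so old and new forms can be mixed in one input. Converting only well-formed escapes, `s = s.replace(/\.([0-9A-Fa-f]{2})/g, "%$1");`, keeps malformed input from raising here. If strict rejection is intended instead, a comment above `uu` stating that input must come from the new encoder would make that contract visible.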
@@ -1687,7 +1687,7 @@ char *uw_Basis_urlifyString(uw_context ctx, uw_Basis_string s) { else if (isalnum(c)) *p++ = c; else { - sprintf(p, "%%%02X", c); + sprintf(p, ".%02X", c); p += 3; } } @@ -1764,7 +1764,7 @@ uw_unit uw_Basis_urlifyString_w(uw_context ctx, uw_Basis_string s) { else if (isalnum(c)) uw_writec_unsafe(ctx, c); else { - sprintf(ctx->page.front, "%%%02X", c); + sprintf(ctx->page.front, ".%02X", c); ctx->page.front += 3; } } @@ -1822,7 +1822,7 @@ static uw_Basis_string uw_unurlifyString_to(int fromClient, uw_context ctx, char if (!fromClient) { if (*s2 == '_') ++s2; - else if (s2[0] == '%' && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F')) + else if ((s2[0] == '%' || s2[0] == '.') && s2[1] == '5' && (s2[2] == 'f' || s2[2] == 'F')) s2 += 3; } @@ -1843,6 +1843,18 @@ static uw_Basis_string uw_unurlifyString_to(int fromClient, uw_context ctx, char *s1 = n; s2 += 2; break; + case '.': + if (!fromClient) { + if (s2[1] == 0) + uw_error(ctx, FATAL, "Missing first character of escaped URL byte"); + if (s2[2] == 0) + uw_error(ctx, FATAL, "Missing second character of escaped URL byte"); + if (sscanf(s2+1, "%02X", &n) != 1) + uw_error(ctx, FATAL, "Invalid escaped URL byte starting at: %s", s2); + *s1 = n; + s2 += 2; + break; + } default: *s1 = c; } diff --git a/src/mono_opt.sml b/src/mono_opt.sml index fb6ff264..cf1b1cfe 100644 --- a/src/mono_opt.sml +++ b/src/mono_opt.sml @@ -1,4 +1,4 @@ -(* Copyright (c) 2008, Adam Chlipala +(* Copyright (c) 2008-2010, Adam Chlipala * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -86,7 +86,7 @@ fun urlifyString s = | ch => if Char.isAlphaNum ch then str ch else - "%" ^ hexIt ch) s + "." ^ hexIt ch) s fun sqlifyInt n = #p_cast (Settings.currentDbms ()) (attrifyInt n, Settings.Int) diff --git a/tests/name.ur b/tests/name.ur new file mode 100644 index 00000000..49e02c2d --- /dev/null +++ b/tests/name.ur @@ -0,0 +1 @@ +fun hello name = return {[name]} 
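Review bot: `sprintf(p, ".%02X", c)` is followed by `p += 3`, which is only correct if `c` is in the range 0–255. `c` is declared outside this hunk; if it is a plain `char` on a platform where that is signed, a byte at or above 0x80 would be promoted to a negative int and print as eight hex digits, writing past the three bytes accounted for. Casting at the call, `sprintf(p, ".%02X", (unsigned char)c);`, makes the width guarantee local to the line. The same applies to `sprintf(ctx->page.front, ".%02X", c)` in the `uw_Basis_urlifyString_w` hunk; both function bodies start and end outside their hunks.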
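Review bot: The new `case '.':` branch in `uw_unurlifyString_to` accepts escapes that are not exactly two hex digits. The two NUL checks only rule out end of string, and `sscanf(s2+1, "%02X", &n)` skips leading whitespace and succeeds on a single hex digit, yet `s2 += 2` always consumes two characters. A guard before the scan, `if (!isxdigit((unsigned char)s2[1]) || !isxdigit((unsigned char)s2[2])) uw_error(ctx, FATAL, "Invalid escaped URL byte starting at: %s", s2);`, would keep one byte from having several accepted spellings. The branch also falls through into `default:` when `fromClient` is nonzero, so a `/* fall through: '.' is copied literally */` comment before `default:` would show that this is deliberate. The switch and the function continue outside the hunk.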
diff --git a/tests/name.urp b/tests/name.urp
new file mode 100644
index 00000000..f121bdbf
--- /dev/null
+++ b/tests/name.urp
@@ -0,0 +1 @@
+name
diff --git a/tests/name.urs b/tests/name.urs
new file mode 100644
index 00000000..9ef36261
--- /dev/null
+++ b/tests/name.urs
@@ -0,0 +1 @@
+val hello : string -> transaction page
-- cgit v1.2.3