author | Stormwind <stormwind@stormwinds-page.de> | 2012-12-22 19:08:02 +0100 |
---|---|---|
committer | Stormwind <stormwind@stormwinds-page.de> | 2012-12-22 19:08:02 +0100 |
commit | 835234a52c487002a516792dbdea3a44d110ba3d (patch) | |
tree | 6fce9eb0b4a96a22934dbe8c897dcf4859b542b5 | |
parent | 0e12faff226e73ea932150a912e89b3363fed76e (diff) |
Improve query valid regex
Now a query string cannot look like 'foo=bar=foo' anymore.
-rw-r--r-- | lib/zero/patches/uri.rb | 4 | ||||
-rw-r--r-- | spec/unit/uri/parse_query_string_spec.rb | 28 |
2 files changed, 29 insertions, 3 deletions
diff --git a/lib/zero/patches/uri.rb b/lib/zero/patches/uri.rb
index a761fbc..0b64abb 100644
--- a/lib/zero/patches/uri.rb
+++ b/lib/zero/patches/uri.rb
@@ -18,7 +18,6 @@ module URI
 return self.decode_www_form_18 query
 end
- # Own implementation of decode_www_form.
 # Shall behave almost like the original method, but without any encoding
 # stuff.
@@ -28,7 +27,8 @@ module URI
 #
 def self.decode_www_form_18(query)
 return [] if query.empty?
- unless query.match '='
+
+ unless query.match /^[^#=;&]*=[^#=;&]*([;&][^#=;&]*=[^#=;&]*)*$/
 raise ArgumentError,
 "invalid data of application/x-www-form-urlencoded (#{query})"
 end
diff --git a/spec/unit/uri/parse_query_string_spec.rb b/spec/unit/uri/parse_query_string_spec.rb
index a165cf3..3a36cc0 100644
--- a/spec/unit/uri/parse_query_string_spec.rb
+++ b/spec/unit/uri/parse_query_string_spec.rb
@@ -114,6 +114,32 @@ describe URI, '#parse_query_string' do
 result.should eq([])
 end
- # what happend on more than one = without an & or ; in between?
+ it 'throws an error, if more than one = without an & or ; in between' do
+ expect {
+ result = URI::parse_query_string("foo=bar=foo&bar=foo=bar")
+ }.to raise_error(
+ ArgumentError,
+ "invalid data of application/x-www-form-urlencoded "+
+ "(foo=bar=foo&bar=foo=bar)"
+ )
+ end
+
+ it 'throws an error, if more than one & without an = in between' do
+ expect {
+ result = URI::parse_query_string("foo&bar=foo&bar")
+ }.to raise_error(
+ ArgumentError,
+ "invalid data of application/x-www-form-urlencoded (foo&bar=foo&bar)"
+ )
+ end
+
+ it 'throws an error, if more than one ; without an = in between' do
+ expect {
+ result = URI::parse_query_string("foo;bar=foo;bar")
+ }.to raise_error(
+ ArgumentError,
+ "invalid data of application/x-www-form-urlencoded (foo;bar=foo;bar)"
+ )
+ end
 end |
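Review bot: The new pattern in `decode_www_form_18` is anchored with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, and the class `[^#=;&]` itself accepts a line feed. A query in which any single line is well formed therefore passes the check even when another line holds the `foo=bar=foo` shape this commit means to reject; whether a line break can reach this method depends on callers that are not visible here. Anchoring with `\A` and `\z` validates the whole string: `unless query.match(/\A[^#=;&]*=[^#=;&]*([;&][^#=;&]*=[^#=;&]*)*\z/)`. The parentheses also avoid Ruby's ambiguous-first-argument warning for a regex literal after a bare method name. The body of the method continues past the end of the hunk.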
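Review bot: None of the three added examples passes a query that contains a line break, so the specs do not pin whether the validation applies to the whole string or only to one line of it; an example such as `expect { URI::parse_query_string("foo=bar=foo\nbar=foo") }.to raise_error(ArgumentError)` would. The `result =` assignment inside each `expect` block is never read and can be dropped. The enclosing `describe` block starts outside the hunk.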