diff options
author | andreizdor <andreizdor@yandex-team.com> | 2023-02-16 12:32:45 +0300 |
---|---|---|
committer | andreizdor <andreizdor@yandex-team.com> | 2023-02-16 12:32:45 +0300 |
commit | f1eff52148cd5cf1c8b895eed1dc85c22d438eb9 (patch) | |
tree | 67cb49b4e168e6d3148248782c516438428a46fa | |
parent | 2d466cb51cdcc7a2de1685144bc5c2a6794d825e (diff) | |
download | ydb-f1eff52148cd5cf1c8b895eed1dc85c22d438eb9.tar.gz |
Fix escaping cgi, according to RFC 3986 standart
https://www.ietf.org/rfc/rfc3986.txt
Символ `^` не входит в допустимые символы URI
-rw-r--r-- | library/cpp/string_utils/quote/quote.cpp | 6 | ||||
-rw-r--r-- | library/cpp/string_utils/quote/quote_ut.cpp | 10 | ||||
-rw-r--r-- | ydb/library/backup/ut/ut.cpp | 2 | ||||
-rw-r--r-- | ydb/library/yql/utils/url_builder_ut.cpp | 2 |
4 files changed, 10 insertions, 10 deletions
diff --git a/library/cpp/string_utils/quote/quote.cpp b/library/cpp/string_utils/quote/quote.cpp index a7a4749d99d..6a117c424af 100644 --- a/library/cpp/string_utils/quote/quote.cpp +++ b/library/cpp/string_utils/quote/quote.cpp @@ -75,18 +75,18 @@ static inline const char* FixZero(const char* s) noexcept { // '%', '&', '+', ',', // '#', '<', '=', '>', // '[', '\\',']', '?', -// ':', '{', '}', +// ':', '{', '}', '^' // all below ' ' (0x20) and above '~' (0x7E). // ' ' converted to '+' static const bool chars_to_url_escape[256] = { - // 0 1 2 3 4 5 6 7 8 9 A B C D E F +// 0 1 2 3 4 5 6 7 8 9 A B C D E F 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //0 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //1 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, //2 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, //3 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //4 - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, //5 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, //5 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //6 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, //7 diff --git a/library/cpp/string_utils/quote/quote_ut.cpp b/library/cpp/string_utils/quote/quote_ut.cpp index 6c552b279e1..9d6f56ffbb0 100644 --- a/library/cpp/string_utils/quote/quote_ut.cpp +++ b/library/cpp/string_utils/quote/quote_ut.cpp @@ -22,27 +22,27 @@ Y_UNIT_TEST_SUITE(TCGIEscapeTest) { Y_UNIT_TEST(StringBuf) { char tmp[100]; - UNIT_ASSERT_VALUES_EQUAL(CgiEscape(tmp, "!@#$%^&*(){}[]\" "), TStringBuf("!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+")); + UNIT_ASSERT_VALUES_EQUAL(CgiEscape(tmp, "!@#$%^&*(){}[]\" "), TStringBuf("!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+")); } Y_UNIT_TEST(StrokaRet) { - UNIT_ASSERT_VALUES_EQUAL(CGIEscapeRet("!@#$%^&*(){}[]\" "), TString("!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+")); + UNIT_ASSERT_VALUES_EQUAL(CGIEscapeRet("!@#$%^&*(){}[]\" "), TString("!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+")); } Y_UNIT_TEST(StrokaAppendRet) { TString param; AppendCgiEscaped("!@#$%^&*(){}[]\" ", param); - UNIT_ASSERT_VALUES_EQUAL(param, TString("!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+")); + UNIT_ASSERT_VALUES_EQUAL(param, TString("!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+")); TString param2 = "¶m="; AppendCgiEscaped("!@#$%^&*(){}[]\" ", param2); UNIT_ASSERT_VALUES_EQUAL(param2, - TString("¶m=!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+")); + TString("¶m=!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+")); param2.append("¶m_param="); AppendCgiEscaped("!@#$%^&*(){}[]\" ", param2); UNIT_ASSERT_VALUES_EQUAL(param2, - TString("¶m=!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+¶m_param=!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+")); + TString("¶m=!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+¶m_param=!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+")); } } diff --git a/ydb/library/backup/ut/ut.cpp b/ydb/library/backup/ut/ut.cpp index 5967e9dfa34..3639acc6040 100644 --- a/ydb/library/backup/ut/ut.cpp +++ b/ydb/library/backup/ut/ut.cpp @@ -397,7 +397,7 @@ Y_UNIT_TEST(ResultSetStringPrintTest) { << "\"simplestring\"," "\"Space_And_Underscore+Containing+String\"," "\"String%22with%22quote%22marks\"" << Endl - << "\"~Allowed.symbols_string;!*@$^/\"," + << "\"~Allowed.symbols_string;!*@$%5E/\"," "\"NotAllowed%22%3A%0A%23%25%26%28%29%2C%5C%7C\"," "\"String%2Cwith%2Ccommas.and.dots\"" << Endl; TestResultSetParsedOk(resultSetStr, expect); diff --git a/ydb/library/yql/utils/url_builder_ut.cpp b/ydb/library/yql/utils/url_builder_ut.cpp index 791cf08731f..ad15a916982 100644 --- a/ydb/library/yql/utils/url_builder_ut.cpp +++ b/ydb/library/yql/utils/url_builder_ut.cpp @@ -24,7 +24,7 @@ Y_UNIT_TEST_SUITE(TUrlBuilder) { .AddUrlParam("param2", "val2") .Build(); - UNIT_ASSERT_VALUES_EQUAL(url, "https://localhost/abc?param1=%3D!@%23$%25^%26*%28%29%7B%7D%5B%5D%22+¶m2=val2"); + UNIT_ASSERT_VALUES_EQUAL(url, "https://localhost/abc?param1=%3D!@%23$%25%5E%26*%28%29%7B%7D%5B%5D%22+¶m2=val2"); } Y_UNIT_TEST(EmptyPathComponent) { |