Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix URL parameter decoding in web server #3313

Merged
merged 6 commits into from
Dec 30, 2017
Merged

Fix URL parameter decoding in web server #3313

merged 6 commits into from
Dec 30, 2017

Conversation

scop
Copy link
Contributor

@scop scop commented May 31, 2017

The parameters string needs to be first split on & and =, and URL decoding on parts done after that. Otherwise URL encoded & and = within parameter names and values cause incorrect splitting.

I haven't been able to actually test this, except that it compiles. Running the test gives me a "begin timeout" for some reason before the test run starts. Compilation and upload appear to work fine.

$ make TEST_LIST=test_http_server/test_http_server.ino V=1
[...]
Running tests
../../tools/esptool/esptool -v -cp /dev/ttyUSB0 -cd nodemcu -cr
esptool v0.4.9 - (c) 2014 Ch. Klippel <ck@atelier-klippel.de>
opening port /dev/ttyUSB0 at 115200
begin timeout

@igrr
Copy link
Member

igrr commented Aug 7, 2017

I think this has been fixed in #2956, please reopen if I'm wrong.

@igrr igrr closed this Aug 7, 2017
@scop
Copy link
Contributor Author

scop commented Aug 8, 2017

@igrr The issue might be fixed in #2956 (haven't checked), but the test suite improvements here would still be very good to have merged. I don't think there's any way I can reopen this PR -- could you do it for me, thanks? (Or even better, just merge the two first commits in this issue... :))

@igrr igrr reopened this Aug 8, 2017
@igrr
Copy link
Member

igrr commented Sep 22, 2017

Ok, rebased the test-related commits on top of master, and the tests fail. Haven't looked into the "why" yet, but i guess the fix which was merged was not comprehensive enough.

@devyte devyte mentioned this pull request Oct 3, 2017
Closed
innodron
innodron reviewed Oct 4, 2017
View reviewed changes
libraries/ESP8266WebServer/src/Parsing.cpp Outdated
@@ -317,8 +313,8 @@ void ESP8266WebServer::_parseArguments(String data) {
continue;
}
RequestArgument& arg = _currentArgs[iarg];
arg.key = data.substring(pos, equal_sign_index);
arg.value = data.substring(equal_sign_index + 1, next_arg_index);
arg.key = urlDecode(data.substring(pos, equal_sign_index));
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why decode the key as well, any use case ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any case that uses non-URL-safe characters in key names is a use case for this. They need to be decoded as well as values.

@devyte devyte mentioned this pull request Nov 12, 2017
Closed
scop added 3 commits December 17, 2017 18:05
@scop
Make HTTP server test data easier to examine
8c0b011
@scop
Add HTTP server parameter tests containing & and =
1adf577
@scop
Fix URL parameter decoding in web server
6855dae 
The parameters string needs to be first split on & and =, and URL
decoding on parts done after that. Otherwise URL encoded & and = within
parameter names and values cause incorrect splitting.
@devyte devyte added this to the 2.4.0 milestone Dec 28, 2017
@devyte devyte mentioned this pull request Dec 28, 2017
Closed
@devyte
Copy link
Collaborator

devyte commented Dec 28, 2017

@igrr there has been corroboration of this fix by one user. Just waiting on feedback from #4013 before merging, so I added it to the 2.4.0 milestone.

@s0170071 s0170071 mentioned this pull request Dec 30, 2017
Closed
@devyte devyte merged commit b4653f4 into esp8266:master Dec 30, 2017
@scop scop deleted the http-params branch December 30, 2017 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@innodron innodron innodron left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.4.0
Development

Successfully merging this pull request may close these issues.
4 participants
@scop @igrr @devyte @innodron