
Commit 58cccc5

Merge pull request #25 from collbox/invalid-url-encoding-handling
Exclude decoded params on invalid URL encoding
2 parents b25f8cc + 76e92e8 commit 58cccc5

2 files changed

Lines changed: 15 additions & 4 deletions


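--- a/src/ring/util/codec.clj
+++ b/src/ring/util/codec.clj
@@ -141,8 +141,11 @@
 (form-decode-str encoded encoding)
 (reduce
 (fn [m param]
-(if-let [[k v] (str/split param #"=" 2)]
-(assoc-conj m (form-decode-str k encoding) (form-decode-str (or v "") encoding))
-m))
+(let [[k v] (str/split param #"=" 2)
+k (form-decode-str k encoding)
+v (form-decode-str (or v "") encoding)]
+(if (and k v)
+(assoc-conj m k v)
+m)))
 {}
 (str/split encoded #"&")))))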
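Review bot: The new `(if (and k v) ...)` guard drops a pair silently when its key or value fails to decode, so a caller cannot tell a malformed parameter from an absent one, and nothing at this site says so. I would add a comment above the `let`, e.g. `;; a pair whose key or value is not valid URL encoding is dropped, not kept raw`, and state the same in the function's docstring, which is outside this hunk. The guard presumably relies on `form-decode-str` returning nil for bad input; that function is not visible here, so the contract should be confirmed. The context line `(form-decode-str encoded encoding)` at 141 looks like a separate branch that returns the decode result directly, so malformed input without `=` may yield nil rather than `{}`, and callers that validate parameters should handle both.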

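--- a/test/ring/util/test/codec.clj
+++ b/test/ring/util/test/codec.clj
@@ -65,6 +65,14 @@
 "a=b%2Fc" {"a" "b/c"}
 "a=b&c" {"a" "b" "c" ""}
 "a=&b=c" {"a" "" "b" "c"}
-"a&b=c" {"a" "" "b" "c"})
+"a&b=c" {"a" "" "b" "c"}
+"=" {"" ""}
+"a=" {"a" ""}
+"=b" {"" "b"})
+(testing "invalid URL encoding"
+(are [x y] (= (form-decode x) y)
+"%=b" {}
+"a=%" {}
+"%=%" {}))
 (is (= (form-decode "a=foo%FE%FF%00%2Fbar" "UTF-16")
 {"a" "foo/bar"})))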
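Review bot: The "invalid URL encoding" cases only use strings in which every pair is malformed, so they do not pin what happens to valid pairs that sit next to a bad one. Adding `"a=b&c=%" {"a" "b"}` to the `are` table would fix the expectation that the reduce keeps the well-formed pair and drops only the malformed one. A case with no `=` at all (for example `"%"`) is also missing; its expected value depends on a branch of form-decode that is outside this hunk. The enclosing deftest starts outside the hunk.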
