rwf2
/
Rocket
mirror of https://github.com/rwf2/Rocket.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix decoding of form value Strings.

This commit is contained in:
Sergio Benitez 2016-12-31 00:48:31 -06:00
parent d19cb0349c
commit 83bbea7d4a
4 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/forms/src/main.rs
View File

@ -12,7 +12,7 @@ use rocket::response::Redirect;
#[derive(FromForm)] #[derive(FromForm)]
struct UserLogin<'r> { struct UserLogin<'r> {
username: &'r str, username: &'r str,
password: &'r str, password: String,
age: Result<usize, &'r str>, age: Result<usize, &'r str>,
} }
@ -27,7 +27,7 @@ fn login<'a>(user_form: Form<'a, UserLogin<'a>>) -> Result<Redirect, String> {
}; };
if user.username == "Sergio" { if user.username == "Sergio" {
match user.password { match user.password.as_str() {
"password" => Ok(Redirect::to("/user/Sergio")), "password" => Ok(Redirect::to("/user/Sergio")),
_ => Err("Wrong password!".to_string()) _ => Err("Wrong password!".to_string())
} }

16
lib/src/request/form/from_form_value.rs
View File

@ -73,21 +73,11 @@ impl<'v> FromFormValue<'v> for String {
// This actually parses the value according to the standard. // This actually parses the value according to the standard.
fn from_form_value(v: &'v str) -> Result<Self, Self::Error> { fn from_form_value(v: &'v str) -> Result<Self, Self::Error> {
let result = URI::percent_decode(v.as_bytes()); let replaced = v.replace("+", " ");
let result = URI::percent_decode(replaced.as_bytes());
match result { match result {
Err(_) => Err(v), Err(_) => Err(v),
Ok(mut string) => Ok({ Ok(string) => Ok(string.into_owned())
// Entirely safe because we're changing the single-byte '+'.
unsafe {
for c in string.to_mut().as_mut_vec() {
if *c == b'+' {
*c = b' ';
}
}
}
string.into_owned()
})
} }
} }
} }

2
lib/tests/form_method-issue-45.rs
View File

@ -42,6 +42,6 @@ fn get_passes_through() {
.header(ContentType::Form) .header(ContentType::Form)
.body("_method=patch&form_data=Form+data"); .body("_method=patch&form_data=Form+data");
let mut response = req.dispatch_with(&rocket); let response = req.dispatch_with(&rocket);
assert_eq!(response.status(), Status::NotFound); assert_eq!(response.status(), Status::NotFound);
} }

45
lib/tests/form_value_decoding-issue-82.rs Normal file
View File

@ -0,0 +1,45 @@
#![feature(plugin, custom_derive)]
#![plugin(rocket_codegen)]
extern crate rocket;
use rocket::request::Form;
#[derive(FromForm)]
struct FormData {
form_data: String,
}
#[post("/", data = "<form_data>")]
fn bug(form_data: Form<FormData>) -> String {
form_data.into_inner().form_data
}
use rocket::testing::MockRequest;
use rocket::http::Method::*;
use rocket::http::ContentType;
use rocket::http::Status;
fn check_decoding(raw: &str, decoded: &str) {
let rocket = rocket::ignite().mount("/", routes![bug]);
let mut req = MockRequest::new(Post, "/")
.header(ContentType::Form)
.body(format!("form_data={}", raw));
let mut response = req.dispatch_with(&rocket);
let body_string = response.body().and_then(|b| b.into_string());
assert_eq!(response.status(), Status::Ok);
assert_eq!(Some(decoded.to_string()), body_string);
}
#[test]
fn test_proper_decoding() {
check_decoding("password", "password");
check_decoding("", "");
check_decoding("+", " ");
check_decoding("%2B", "+");
check_decoding("1+1", "1 1");
check_decoding("1%2B1", "1+1");
check_decoding("%3Fa%3D1%26b%3D2", "?a=1&b=2");
}