Properly decode URL parameters when passed as path segments or query …

…params (#114) Fixes #105 `getRequestPath` seems to parse things wrongly with `1+%2B+1+%3D+2` becoming `1+++1+=+2`, losing the distinction between spaces ` ` and plus `+`. Swapped in `getRequestURI` which gives us the raw string and handled the parsing myself to work around that. Updated the `variableRoutes` and `queryParams` unit tests to make sure they properly provide decoded values to the application code
com-lihaoyi · Jan 5, 2024 · 9df52fc · 9df52fc
1 parent 76fe751
commit 9df52fc
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/cask/src/cask/main/Main.scala b/cask/src/cask/main/Main.scala
@@ -99,7 +99,13 @@ object Main{
  (r: Any) => Main.writeResponse(exchange, r.asInstanceOf[Response.Raw])
  )
 
- dispatchTrie.lookup(Util.splitPath(exchange.getRequestPath).toList, Map()) match {
+ val decodedSegments = Util
+ .splitPath(exchange.getRequestURI)
+ .iterator
+ .map(java.net.URLDecoder.decode(_, "UTF-8"))
+ .toList
+
+ dispatchTrie.lookup(decodedSegments, Map()) match {
  case None => Main.writeResponse(exchange, handleNotFound())
  case Some((methodMap, routeBindings, remaining)) =>
  methodMap.get(effectiveMethod) match {

diff --git a/example/queryParams/app/test/src/ExampleTests.scala b/example/queryParams/app/test/src/ExampleTests.scala
@@ -21,10 +21,10 @@ object ExampleTests extends TestSuite{
  val noIndexPage = requests.get(host, check = false)
  noIndexPage.statusCode ==> 404
 
- assert(
- requests.get(s"$host/article/123?param=xyz").text() ==
-  "Article 123 xyz"
- )
+ requests.get(s"$host/article/123?param=xyz").text() ==> "Article 123 xyz"
+
+ requests.get(s"$host/article/123?param=1+%2B+1+%3D+2%25%3F%26%2F").text() ==>
+  "Article 123 1 + 1 = 2%?&/"
 
  requests.get(s"$host/article/123", check = false).text() ==>
  """Missing argument: (param: String)

diff --git a/example/variableRoutes/app/test/src/ExampleTests.scala b/example/variableRoutes/app/test/src/ExampleTests.scala
@@ -22,6 +22,8 @@ object ExampleTests extends TestSuite{
  noIndexPage.statusCode ==> 404
 
  requests.get(s"$host/user/lihaoyi").text() ==> "User lihaoyi"
+ requests.get(s"$host/user/li+haoyi").text() ==> "User li haoyi"
+ requests.get(s"$host/user/1+%2B+1+%3D+2%25%3F%26%2F").text() ==> "User 1 + 1 = 2%?&/"
 
  requests.get(s"$host/user", check = false).statusCode ==> 404