oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

only escape dangerous characters

Browse source
This commit is contained in:
Graham Knop 2008-10-21 18:11:32 +00:00
parent 77913e956b
commit 5b1eb1c095
2 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/Session/Url.pm
View file

@ -437,7 +437,7 @@ sub page {
if ($useFullUrl) { if ($useFullUrl) {
$url = $self->getSiteURL(); $url = $self->getSiteURL();
} }
my $path = $self->session->asset ? $self->session->asset->get("url") : $self->escape($self->getRequestedUrl); my $path = $self->session->asset ? $self->session->asset->get("url") : URI::Escape::uri_escape_utf8($self->getRequestedUrl, "^A-Za-z0-9\-_.!~*'()/");
$url .= $self->gateway($path, $pairs, $skipPreventProxyCache); $url .= $self->gateway($path, $pairs, $skipPreventProxyCache);
return $url; return $url;
} }

14
t/Session/Url.t
View file

@ -226,22 +226,22 @@ my $sessionAsset = $session->asset;
$session->asset(undef); $session->asset(undef);
$session->url->{_requestedUrl} = undef; ##Manually clear cached value $session->url->{_requestedUrl} = undef; ##Manually clear cached value
$pseudoRequest->uri('/path1/file1'); $pseudoRequest->uri('/path1/">file1');
is($session->url->page, '/path1%2Ffile1', 'page with no args returns getRequestedUrl through gateway, escaping the requested URL for safety'); is($session->url->page, '/path1/%22%3Efile1', 'page with no args returns getRequestedUrl through gateway, escaping the requested URL for safety');
is($session->url->page('op=viewHelpTOC;topic=Article'), '/path1%2Ffile1?op=viewHelpTOC;topic=Article', 'page: pairs are appended'); is($session->url->page('op=viewHelpTOC;topic=Article'), '/path1/%22%3Efile1?op=viewHelpTOC;topic=Article', 'page: pairs are appended');
$url2 = 'http://'.$session->config->get('sitename')->[0].'/path1%2Ffile1'; $url2 = 'http://'.$session->config->get('sitename')->[0].'/path1/%22%3Efile1';
is($session->url->page('',1), $url2, 'page: withFullUrl includes method and sitename'); is($session->url->page('',1), $url2, 'page: withFullUrl includes method and sitename');
$session->setting->set('preventProxyCache', 0); $session->setting->set('preventProxyCache', 0);
is($session->url->page('','',1), '/path1%2Ffile1', 'page: skipPreventProxyCache is a no-op with preventProxyCache off in settings'); is($session->url->page('','',1), '/path1/%22%3Efile1', 'page: skipPreventProxyCache is a no-op with preventProxyCache off in settings');
$session->setting->set('preventProxyCache', 1); $session->setting->set('preventProxyCache', 1);
my $cacheableUrl = $session->url->page('','',1); my $cacheableUrl = $session->url->page('','',1);
is($cacheableUrl, '/path1%2Ffile1', 'page: skipPreventProxyCache does not change url'); is($cacheableUrl, '/path1/%22%3Efile1', 'page: skipPreventProxyCache does not change url');
like($session->url->page('','',0), qr(^/path1%2Ffile1\?noCache=\d{0,4}:\d+$), 'page: noCache added'); like($session->url->page('','',0), qr(^/path1/%22%3Efile1\?noCache=\d{0,4}:\d+$), 'page: noCache added');
##Restore original setting ##Restore original setting
$session->setting->set('preventProxyCache', $preventProxyCache); $session->setting->set('preventProxyCache', $preventProxyCache);