[Seaside] Swazoo bugs that can affect Seaside
philippe.marschall at gmail.com
Sun Aug 7 09:02:59 UTC 2011
2011/8/3 Dale Henrichs <dhenrich at vmware.com>:
> In the last week or so, I've run into a couple of bugs in Swazoo that may be of interest to any Seasiders using Swazoo in their applications. I've got workarounds for GLASS if anyone is interested.
> The first bug is in SwazooURI where the query fields in an URL will be incorrectly parsed if an `&` or other special character is embedded in the value of the field. The following example illustrates the bug:
> | url ans1 ans2 |
> url := 'www.foo.com/index.html?foo=1&bar=', 'bar"sample method"^#($&)' encodeForHTTP
> ans1 := SwazooURI fromString: url.
> ans2 := SwazooURI new.
> ans2 fromStream: url readStream.
> ans1 printString = ans2 printString
> SwazooURI>>fromString: (called by SwazooURI class>>fromString:) prematurely decodes the input string exposing the `&` and causes the parser to think that there is an additional query field in the input url and results in the truncation of the value of the `bar` field. The fix is to remove the call to HTTPString class>>decodedHTTPFrom: from SwazooURI>>fromString: ... the subsequent parsing of the queryfields already call HTTPString class>>decodedHTTPFrom:
> This bug is present in Swazoo-2.3beta2.6
#identifierPath decodes the identifier again although it is already
decoded. See attached test.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 462 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/seaside/attachments/20110807/6500e48c/SwazooURITest-testIdentifierPathEncoded.obj
More information about the seaside