mirror of
https://github.com/fafhrd91/actix-net
synced 2024-11-24 02:21:07 +01:00
Path
: fix unsafe malformed string (#359)
This commit is contained in:
parent
a1bf8662c9
commit
cf21df14f2
@ -2,8 +2,10 @@
|
||||
|
||||
## Unreleased - 2021-xx-xx
|
||||
* When matching URL parameters, `%25` is kept in the percent-encoded form - no longer decoded to `%`. [#357]
|
||||
* Fixed a bug where the `Path` extractor returns unsafe malformed string due to malformed URL. [#359]
|
||||
|
||||
[#357]: https://github.com/actix/actix-net/pull/357
|
||||
[#359]: https://github.com/actix/actix-net/pull/359
|
||||
|
||||
|
||||
## 0.2.7 - 2021-02-06
|
||||
|
@ -170,11 +170,7 @@ impl Quoter {
|
||||
idx += 1;
|
||||
}
|
||||
|
||||
cloned.map(|data| {
|
||||
// SAFETY: we get data from http::Uri, which does UTF-8 checks already
|
||||
// this code only decodes valid pct encoded values
|
||||
unsafe { String::from_utf8_unchecked(data) }
|
||||
})
|
||||
cloned.map(|data| String::from_utf8_lossy(&data).into_owned())
|
||||
}
|
||||
}
|
||||
|
||||
@ -259,6 +255,16 @@ mod tests {
|
||||
assert_eq!(path.get("id").unwrap(), &test);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_invalid_utf8() {
|
||||
let invalid_utf8 = percent_encode((0x80..=0xff).collect::<Vec<_>>().as_slice());
|
||||
let uri = Uri::try_from(format!("/{}", invalid_utf8)).unwrap();
|
||||
let path = Path::new(Url::new(uri));
|
||||
|
||||
// We should always get a valid utf8 string
|
||||
assert!(String::from_utf8(path.path().as_bytes().to_owned()).is_ok());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_from_hex() {
|
||||
let hex = b"0123456789abcdefABCDEF";
|
||||
|
Loading…
Reference in New Issue
Block a user