fix: warn on malformed URI query parameter

This commit is contained in:
Bryan Honof 2024-09-30 14:42:47 +02:00
parent 0ed67e5b7e
commit 1f024ecfcd
No known key found for this signature in database
2 changed files with 9 additions and 5 deletions

View file

@ -88,7 +88,7 @@ std::pair<FlakeRef, std::string> parsePathFlakeRefWithFragment(
if (fragmentStart != std::string::npos) {
fragment = percentDecode(url.substr(fragmentStart+1));
}
if (pathEnd != std::string::npos && fragmentStart != std::string::npos) {
if (pathEnd != std::string::npos && fragmentStart != std::string::npos && url[pathEnd] == '?') {
query = decodeQuery(url.substr(pathEnd+1, fragmentStart-pathEnd-1));
}

View file

@ -79,10 +79,14 @@ std::map<std::string, std::string> decodeQuery(const std::string & query)
for (auto s : tokenizeString<Strings>(query, "&")) {
auto e = s.find('=');
if (e != std::string::npos)
result.emplace(
s.substr(0, e),
percentDecode(std::string_view(s).substr(e + 1)));
if (e == std::string::npos) {
warn("dubious URI query '%s' is missing equal sign '%s', ignoring", s, "=");
continue;
}
result.emplace(
s.substr(0, e),
percentDecode(std::string_view(s).substr(e + 1)));
}
return result;