Merge pull request #212 from Herringway/fix-uri-escapes

fix UTF-8 decoding in URI sequences
merged-on-behalf-of: Cameron Ross <elpenguino@gmail.com>
This commit is contained in:
The Dlang Bot 2019-01-08 03:17:19 +01:00 committed by GitHub
commit 55b745fe2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 4 deletions

View file

@ -1973,9 +1973,16 @@ final class Scanner
++nextChar; ++nextChar;
} }
else else
{
try
{ {
c = decode(bytes[], nextChar); c = decode(bytes[], nextChar);
} }
catch (UTFException)
{
return size_t.max;
}
}
reader_.sliceBuilder.write(c); reader_.sliceBuilder.write(c);
if(bytes.length - nextChar > 0) if(bytes.length - nextChar > 0)
{ {
@ -2016,8 +2023,8 @@ final class Scanner
uint digit; uint digit;
if(c - '0' < 10) { digit = c - '0'; } if(c - '0' < 10) { digit = c - '0'; }
else if(c - 'A' < 6) { digit = c - 'A'; } else if(c - 'A' < 6) { digit = 10 + c - 'A'; }
else if(c - 'a' < 6) { digit = c - 'a'; } else if(c - 'a' < 6) { digit = 10 + c - 'a'; }
else { assert(false); } else { assert(false); }
b += mult * digit; b += mult * digit;
mult /= 16; mult /= 16;
@ -2028,6 +2035,13 @@ final class Scanner
} }
bytesUsed = getDchar(bytes[0 .. bytesUsed], reader_); bytesUsed = getDchar(bytes[0 .. bytesUsed], reader_);
if(bytesUsed == size_t.max)
{
error(contextMsg, startMark,
"Invalid UTF-8 data encoded in URI escape sequence",
reader_.mark);
return;
}
} }

View file

@ -16,6 +16,12 @@ import std.string;
import dyaml.test.common; import dyaml.test.common;
string construct(ref Node node) @safe
{
return node.as!string;
}
/** /**
* Implicit tag resolution unittest. * Implicit tag resolution unittest.
* *
@ -37,7 +43,13 @@ void testImplicitResolver(string dataFilename, string detectFilename) @safe
} }
correctTag = readText(detectFilename).strip(); correctTag = readText(detectFilename).strip();
node = Loader.fromFile(dataFilename).load();
auto constructor = new Constructor;
constructor.addConstructorScalar("tag:example.com,2000:app/tag🤔", &construct);
auto loader = Loader.fromFile(dataFilename);
loader.constructor = constructor;
node = loader.load();
assert(node.isSequence); assert(node.isSequence);
foreach(ref Node scalar; node) foreach(ref Node scalar; node)
{ {

3
test/data/uri.data Normal file
View file

@ -0,0 +1,3 @@
%TAG !e! tag:example.com,2000:app/
---
- !e!tag%F0%9F%A4%94 baz

1
test/data/uri.detect Normal file
View file

@ -0,0 +1 @@
tag:example.com,2000:app/tag🤔