HTTPCLIENT-1746: improved argument validation in URLEncodedUtils

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1746751 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2016-06-03 19:37:33 +00:00
parent da589ff03a
commit 8081dbdc02
3 changed files with 24 additions and 92 deletions

View File

@ -315,7 +315,7 @@ public class Request {
paramList.add(param); paramList.add(param);
} }
final ContentType contentType = ContentType.create(URLEncodedUtils.CONTENT_TYPE, charset); final ContentType contentType = ContentType.create(URLEncodedUtils.CONTENT_TYPE, charset);
final String s = URLEncodedUtils.format(paramList, charset != null ? charset.name() : null); final String s = URLEncodedUtils.format(paramList, charset);
return bodyString(s, contentType); return bodyString(s, contentType);
} }

View File

@ -80,13 +80,16 @@ public class URLEncodedUtils {
* @param uri * @param uri
* URI to parse * URI to parse
* @param charset * @param charset
* Charset name to use while parsing the query * Charset to use while parsing the query
* @return a list of {@link NameValuePair} as built from the URI's query portion. * @return a list of {@link NameValuePair} as built from the URI's query portion.
*
* @since 4.5
*/ */
public static List <NameValuePair> parse(final URI uri, final String charset) { public static List <NameValuePair> parse(final URI uri, final Charset charset) {
Args.notNull(uri, "URI");
final String query = uri.getRawQuery(); final String query = uri.getRawQuery();
if (query != null && !query.isEmpty()) { if (query != null && !query.isEmpty()) {
return parse(query, Charset.forName(charset)); return parse(query, charset);
} }
return Collections.emptyList(); return Collections.emptyList();
} }
@ -105,6 +108,7 @@ public class URLEncodedUtils {
*/ */
public static List <NameValuePair> parse( public static List <NameValuePair> parse(
final HttpEntity entity) throws IOException { final HttpEntity entity) throws IOException {
Args.notNull(entity, "HTTP entity");
final ContentType contentType = ContentType.get(entity); final ContentType contentType = ContentType.get(entity);
if (contentType == null || !contentType.getMimeType().equalsIgnoreCase(CONTENT_TYPE)) { if (contentType == null || !contentType.getMimeType().equalsIgnoreCase(CONTENT_TYPE)) {
return Collections.emptyList(); return Collections.emptyList();
@ -140,6 +144,7 @@ public class URLEncodedUtils {
* {@code application/x-www-form-urlencoded}. * {@code application/x-www-form-urlencoded}.
*/ */
public static boolean isEncoded(final HttpEntity entity) { public static boolean isEncoded(final HttpEntity entity) {
Args.notNull(entity, "HTTP entity");
final ContentType contentType = ContentType.parse(entity.getContentType()); final ContentType contentType = ContentType.parse(entity.getContentType());
return contentType != null && CONTENT_TYPE.equalsIgnoreCase(contentType.getMimeType()); return contentType != null && CONTENT_TYPE.equalsIgnoreCase(contentType.getMimeType());
} }
@ -157,6 +162,9 @@ public class URLEncodedUtils {
* @since 4.2 * @since 4.2
*/ */
public static List<NameValuePair> parse(final String s, final Charset charset) { public static List<NameValuePair> parse(final String s, final Charset charset) {
if (s == null) {
return Collections.emptyList();
}
final CharArrayBuffer buffer = new CharArrayBuffer(s.length()); final CharArrayBuffer buffer = new CharArrayBuffer(s.length());
buffer.append(s); buffer.append(s);
return parse(buffer, charset, QP_SEP_A, QP_SEP_S); return parse(buffer, charset, QP_SEP_A, QP_SEP_S);
@ -233,51 +241,6 @@ public class URLEncodedUtils {
return list; return list;
} }
/**
* Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded}
* list of parameters in an HTTP PUT or HTTP POST.
*
* @param parameters The parameters to include.
* @param charset The encoding to use.
* @return An {@code application/x-www-form-urlencoded} string
*/
public static String format(
final List <? extends NameValuePair> parameters,
final String charset) {
return format(parameters, QP_SEP_A, charset);
}
/**
* Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded}
* list of parameters in an HTTP PUT or HTTP POST.
*
* @param parameters The parameters to include.
* @param parameterSeparator The parameter separator, by convention, {@code '&'} or {@code ';'}.
* @param charset The encoding to use.
* @return An {@code application/x-www-form-urlencoded} string
*
* @since 4.3
*/
public static String format(
final List <? extends NameValuePair> parameters,
final char parameterSeparator,
final String charset) {
final StringBuilder result = new StringBuilder();
for (final NameValuePair parameter : parameters) {
final String encodedName = encodeFormFields(parameter.getName(), charset);
final String encodedValue = encodeFormFields(parameter.getValue(), charset);
if (result.length() > 0) {
result.append(parameterSeparator);
}
result.append(encodedName);
if (encodedValue != null) {
result.append(NAME_VALUE_SEPARATOR);
result.append(encodedValue);
}
}
return result.toString();
}
/** /**
* Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded} * Returns a String that is suitable for use as an {@code application/x-www-form-urlencoded}
* list of parameters in an HTTP PUT or HTTP POST. * list of parameters in an HTTP PUT or HTTP POST.
@ -309,6 +272,7 @@ public class URLEncodedUtils {
final Iterable<? extends NameValuePair> parameters, final Iterable<? extends NameValuePair> parameters,
final char parameterSeparator, final char parameterSeparator,
final Charset charset) { final Charset charset) {
Args.notNull(parameters, "Parameters");
final StringBuilder result = new StringBuilder(); final StringBuilder result = new StringBuilder();
for (final NameValuePair parameter : parameters) { for (final NameValuePair parameter : parameters) {
final String encodedName = encodeFormFields(parameter.getName(), charset); final String encodedName = encodeFormFields(parameter.getName(), charset);
@ -499,20 +463,6 @@ public class URLEncodedUtils {
return charset.decode(bb).toString(); return charset.decode(bb).toString();
} }
/**
* Decode/unescape www-url-form-encoded content.
*
* @param content the content to decode, will decode '+' as space
* @param charset the charset to use
* @return encoded string
*/
private static String decodeFormFields (final String content, final String charset) {
if (content == null) {
return null;
}
return urlDecode(content, charset != null ? Charset.forName(charset) : StandardCharsets.UTF_8, true);
}
/** /**
* Decode/unescape www-url-form-encoded content. * Decode/unescape www-url-form-encoded content.
* *
@ -527,24 +477,6 @@ public class URLEncodedUtils {
return urlDecode(content, charset != null ? charset : StandardCharsets.UTF_8, true); return urlDecode(content, charset != null ? charset : StandardCharsets.UTF_8, true);
} }
/**
* Encode/escape www-url-form-encoded content.
* <p>
* Uses the {@link #URLENCODER} set of characters, rather than
* the {@link #UNRESERVED} set; this is for compatibilty with previous
* releases, URLEncoder.encode() and most browsers.
*
* @param content the content to encode, will convert space to '+'
* @param charset the charset to use
* @return encoded string
*/
private static String encodeFormFields(final String content, final String charset) {
if (content == null) {
return null;
}
return urlEncode(content, charset != null ? Charset.forName(charset) : StandardCharsets.UTF_8, URLENCODER, true);
}
/** /**
* Encode/escape www-url-form-encoded content. * Encode/escape www-url-form-encoded content.
* <p> * <p>

View File

@ -351,46 +351,46 @@ public class TestURLEncodedUtils {
@Test @Test
public void testFormatString() throws Exception { // as above, using String public void testFormatString() throws Exception { // as above, using String
final List <NameValuePair> params = new ArrayList<>(); final List <NameValuePair> params = new ArrayList<>();
Assert.assertEquals(0, URLEncodedUtils.format(params, "US-ASCII").length()); Assert.assertEquals(0, URLEncodedUtils.format(params, StandardCharsets.US_ASCII).length());
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name0", null)); params.add(new BasicNameValuePair("Name0", null));
Assert.assertEquals("Name0", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name0", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name1", "Value1")); params.add(new BasicNameValuePair("Name1", "Value1"));
Assert.assertEquals("Name1=Value1", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name1=Value1", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name2", "")); params.add(new BasicNameValuePair("Name2", ""));
Assert.assertEquals("Name2=", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name2=", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name4", "Value 4&")); params.add(new BasicNameValuePair("Name4", "Value 4&"));
Assert.assertEquals("Name4=Value+4%26", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name4=Value+4%26", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name4", "Value+4&")); params.add(new BasicNameValuePair("Name4", "Value+4&"));
Assert.assertEquals("Name4=Value%2B4%26", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name4=Value%2B4%26", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name4", "Value 4& =4")); params.add(new BasicNameValuePair("Name4", "Value 4& =4"));
Assert.assertEquals("Name4=Value+4%26+%3D4", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name4=Value+4%26+%3D4", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name5", "aaa")); params.add(new BasicNameValuePair("Name5", "aaa"));
params.add(new BasicNameValuePair("Name6", "bbb")); params.add(new BasicNameValuePair("Name6", "bbb"));
Assert.assertEquals("Name5=aaa&Name6=bbb", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name5=aaa&Name6=bbb", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name7", "aaa")); params.add(new BasicNameValuePair("Name7", "aaa"));
params.add(new BasicNameValuePair("Name7", "b,b")); params.add(new BasicNameValuePair("Name7", "b,b"));
params.add(new BasicNameValuePair("Name7", "ccc")); params.add(new BasicNameValuePair("Name7", "ccc"));
Assert.assertEquals("Name7=aaa&Name7=b%2Cb&Name7=ccc", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name7=aaa&Name7=b%2Cb&Name7=ccc", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
params.clear(); params.clear();
params.add(new BasicNameValuePair("Name8", "xx, yy ,zz")); params.add(new BasicNameValuePair("Name8", "xx, yy ,zz"));
Assert.assertEquals("Name8=xx%2C++yy++%2Czz", URLEncodedUtils.format(params, "US-ASCII")); Assert.assertEquals("Name8=xx%2C++yy++%2Czz", URLEncodedUtils.format(params, StandardCharsets.US_ASCII));
} }
private List <NameValuePair> parse (final String params) { private List <NameValuePair> parse (final String params) {
@ -398,7 +398,7 @@ public class TestURLEncodedUtils {
} }
private List <NameValuePair> parseString (final String uri) throws Exception { private List <NameValuePair> parseString (final String uri) throws Exception {
return URLEncodedUtils.parse(new URI("?"+uri), "UTF-8"); return URLEncodedUtils.parse(new URI("?"+uri), StandardCharsets.UTF_8);
} }
private static void assertNameValuePair ( private static void assertNameValuePair (