修复HttpRequest.getBody由于URLDecode导致的BUG
This commit is contained in:
Redkale
@@ -92,7 +92,6 @@ public class HttpRequest extends Request<HttpContext> {
|
|||||||
if (!readLine(buffer, array)) return -1;
|
if (!readLine(buffer, array)) return -1;
|
||||||
Charset charset = this.context.getCharset();
|
Charset charset = this.context.getCharset();
|
||||||
int index = 0;
|
int index = 0;
|
||||||
array.urlDecode();
|
|
||||||
int offset = array.find(index, ' ');
|
int offset = array.find(index, ' ');
|
||||||
if (offset <= 0) return -1;
|
if (offset <= 0) return -1;
|
||||||
this.method = array.toString(index, offset, charset).trim();
|
this.method = array.toString(index, offset, charset).trim();
|
||||||
@@ -103,10 +102,10 @@ public class HttpRequest extends Request<HttpContext> {
|
|||||||
if (off > 0) offset = off;
|
if (off > 0) offset = off;
|
||||||
int qst = array.find(index, offset, (byte) '?');
|
int qst = array.find(index, offset, (byte) '?');
|
||||||
if (qst > 0) {
|
if (qst > 0) {
|
||||||
this.requestURI = array.toString(index, qst - index, charset).trim();
|
this.requestURI = array.toDecodeString(index, qst - index, charset).trim();
|
||||||
addParameter(array, qst + 1, offset - qst - 1);
|
addParameter(array, qst + 1, offset - qst - 1);
|
||||||
} else {
|
} else {
|
||||||
this.requestURI = array.toString(index, offset - index, charset).trim();
|
this.requestURI = array.toDecodeString(index, offset - index, charset).trim();
|
||||||
}
|
}
|
||||||
if (this.requestURI.contains("../")) return -1;
|
if (this.requestURI.contains("../")) return -1;
|
||||||
index = ++offset;
|
index = ++offset;
|
||||||
@@ -175,7 +174,6 @@ public class HttpRequest extends Request<HttpContext> {
|
|||||||
|
|
||||||
private void parseBody() {
|
private void parseBody() {
|
||||||
if (this.boundary || bodyparsed) return;
|
if (this.boundary || bodyparsed) return;
|
||||||
array.urlDecode();
|
|
||||||
addParameter(array, 0, array.size());
|
addParameter(array, 0, array.size());
|
||||||
bodyparsed = true;
|
bodyparsed = true;
|
||||||
}
|
}
|
||||||
@@ -190,10 +188,10 @@ public class HttpRequest extends Request<HttpContext> {
|
|||||||
if (valpos > 0) addParameter(array, valpos + 1, limit - valpos - 1);
|
if (valpos > 0) addParameter(array, valpos + 1, limit - valpos - 1);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
String name = array.toString(offset, keypos - offset, charset);
|
String name = array.toDecodeString(offset, keypos - offset, charset);
|
||||||
if (name.charAt(0) == '<') return; //内容可能是xml格式; 如: <?xml version="1.0"
|
if (name.charAt(0) == '<') return; //内容可能是xml格式; 如: <?xml version="1.0"
|
||||||
++keypos;
|
++keypos;
|
||||||
String value = array.toString(keypos, (valpos < 0) ? (limit - keypos) : (valpos - keypos), charset);
|
String value = array.toDecodeString(keypos, (valpos < 0) ? (limit - keypos) : (valpos - keypos), charset);
|
||||||
this.params.addValue(name, value);
|
this.params.addValue(name, value);
|
||||||
if (valpos >= 0) {
|
if (valpos >= 0) {
|
||||||
addParameter(array, valpos + 1, limit - valpos - 1);
|
addParameter(array, valpos + 1, limit - valpos - 1);
|
||||||
|
|||||||
@@ -328,26 +328,47 @@ public final class ByteArray {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 转义字符串
|
* 将指定的起始位置和长度按指定字符集并转义后转成字符串
|
||||||
|
*
|
||||||
|
* @param offset 起始位置
|
||||||
|
* @param len 长度
|
||||||
|
* @param charset 字符集
|
||||||
|
*
|
||||||
|
* @return 字符串
|
||||||
*/
|
*/
|
||||||
public void urlDecode() {
|
public String toDecodeString(final int offset, int len, final Charset charset) {
|
||||||
int len = this.count;
|
int start = offset;
|
||||||
|
final int end = offset + len;
|
||||||
|
boolean flag = false; //是否需要转义
|
||||||
|
byte[] bs = content;
|
||||||
|
for (int i = offset; i < end; i++) {
|
||||||
|
if (content[i] == '+' || content[i] == '%') {
|
||||||
|
flag = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (flag) {
|
||||||
int index = 0;
|
int index = 0;
|
||||||
for (int i = 0; i < len; i++) {
|
bs = new byte[len];
|
||||||
|
for (int i = offset; i < end; i++) {
|
||||||
switch (content[i]) {
|
switch (content[i]) {
|
||||||
case '+':
|
case '+':
|
||||||
content[index] = ' ';
|
bs[index] = ' ';
|
||||||
break;
|
break;
|
||||||
case '%':
|
case '%':
|
||||||
content[index] = (byte) ((hexBit(content[++i]) * 16 + hexBit(content[++i])));
|
bs[index] = (byte) ((hexBit(content[++i]) * 16 + hexBit(content[++i])));
|
||||||
this.count -= 2;
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
content[index] = content[i];
|
bs[index] = content[i];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
index++;
|
index++;
|
||||||
}
|
}
|
||||||
|
start = 0;
|
||||||
|
len = index;
|
||||||
|
}
|
||||||
|
if (charset == null) return new String(Utility.decodeUTF8(bs, start, len));
|
||||||
|
return new String(bs, start, len, charset);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static int hexBit(byte b) {
|
private static int hexBit(byte b) {
|
||||||
|
|||||||
Reference in New Issue
Block a user