| Ticket UUID: | 1f900bdf6bb6369987598e8c5f36a1e0f62b9798 | |||
| Title: | improve ncgi's decode procedure | |||
| Type: | Patch | Version: | 1.18 | |
| Submitter: | anonymous | Created on: | 2017-09-01 23:43:46 | |
| Subsystem: | ncgi | Assigned To: | aku | |
| Priority: | 7 High | Severity: | Minor | |
| Status: | Closed | Last Modified: | 2019-06-24 18:28:28 | |
| Resolution: | Accepted | Closed By: | aku | |
| Closed on: | 2019-06-24 18:28:28 | |||
| Description: |
In practice www-url-encoded POST params can use encodings other than UTF-8 (think of legacy Tcl applications that use one of the ISO-8859-x charsets). In this case URL parameters can contain references to 8-bit code points (in the form of %[A-F8-9][A-F0-9]) that are not valid UTF-8 code points. For example, %DC can be used as a percent encoding for the german umlaut Ü (if a Tcl application is based on ISO-8859-1). Currently, the decode procedure does not decode %DC as all one byte UTF-8 code points must start with [0-7]. This commit improves the handling of one byte percent encoded non-ASCII characters in the form of %[A-F8-9][A-F0-9]. It allows to use ncgi in application contexts that do not use UTF-8 as the base encoding. A pull request was created on Github. See https://github.com/tcltk/tcllib/pull/13 for more details. Thanks! | |||
| User Comments: |
aku added on 2019-06-24 18:28:28:
(text/x-fossil-wiki)
Accepted and applied. Needed an update of test ncgi-3.10. Integrated, see commit [2adb057376]. aku added on 2019-06-13 05:39:27: Pulled the relevant commits from the closed PR in.
use -nocase switch in regsub commands to make regex shorter
---- modules/ncgi/ncgi.tcl
@@ -271,11 +271,11 @@ proc ::ncgi::decode {str} {
set str [string map [list + { } "\\" "\\\\" \[ \\\[ \] \\\]] $str]
# prepare to process all %-escapes
- regsub -all -- {%([Ee][A-Fa-f0-9])%([89ABab][A-Fa-f0-9])%([89ABab][A-Fa-f0-9])} \
+ regsub -all -nocase -- {%([E][A-F0-9])%([89AB][A-F0-9])%([89AB][A-F0-9])} \
$str {[encoding convertfrom utf-8 [DecodeHex \1\2\3]]} str
- regsub -all -- {%([CDcd][A-Fa-f0-9])%([89ABab][A-Fa-f0-9])} \
+ regsub -all -nocase -- {%([CD][A-F0-9])%([89AB][A-F0-9])} \
$str {[encoding convertfrom utf-8 [DecodeHex \1\2]]} str
- regsub -all -- {%([0-7][A-Fa-f0-9])} $str {\\u00\1} str
+ regsub -all -nocase -- {%([0-7][A-F0-9])} $str {\\u00\1} str
# process \u unicode mapped chars
return [subst -novar $str]
----
improved handling of one byte encodings
In practice www-url-encoded POST params can use encodings other than UTF-8
(think of legacy Tcl applications that use one of the ISO-8859-x charsets). In
this case URL parameters can contain references to 8-bit code points (in the
form of `%[A-F0-9][A-F0-9]`) that are not valid UTF-8 code points.
For example, `%DC` can be used as a percent encoding for the german umlaut `Ü`
(if a Tcl application is based on ISO-8859-1). Currently, the `decode`
procedure does not decode `%DC` as all one byte UTF-8 code points must start
with `[0-7]`.
This commit improves the handling of one byte percent encoded non-ASCII
characters. It allows to use ncgi in application contexts that do not use
UTF-8 as the base encoding.
---- modules/ncgi/ncgi.tcl
@@ -275,7 +275,7 @@ proc ::ncgi::decode {str} {
$str {[encoding convertfrom utf-8 [DecodeHex \1\2\3]]} str
regsub -all -nocase -- {%([CD][A-F0-9])%([89AB][A-F0-9])} \
$str {[encoding convertfrom utf-8 [DecodeHex \1\2]]} str
- regsub -all -nocase -- {%([0-7][A-F0-9])} $str {\\u00\1} str
+ regsub -all -nocase -- {%([A-F0-9][A-F0-9])} $str {\\u00\1} str
# process \u unicode mapped chars
return [subst -novar $str]
----
| |||
Home
Blog
Docs
Downloads
Tickets
Timeline
Branches
Tags
Wiki