aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_lib
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2011-11-01 18:42:42 +0100
committerErlang/OTP <[email protected]>2011-11-01 18:42:42 +0100
commit65db6eb562b0376dd29fc60e9378d7b3b8ac386b (patch)
tree26c5761f96eabdd7f4f1ec83e5edb7853b180db6 /lib/inets/src/http_lib
parentf8b20b4a995727f0339074d23a0fae50712683d2 (diff)
parentf8f0496c1b85169f6e72b6f875c521f09a471bbf (diff)
downloadotp-65db6eb562b0376dd29fc60e9378d7b3b8ac386b.tar.gz
otp-65db6eb562b0376dd29fc60e9378d7b3b8ac386b.tar.bz2
otp-65db6eb562b0376dd29fc60e9378d7b3b8ac386b.zip
Merge branch 'bmk/inets/inets536_integration' into maint-r13
* bmk/inets/inets536_integration: [httpd] GET request with malformed header date caused server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674 Added versions 5.2, 5.1.3 and 5.1.2 again. OTP-9655 Uncommented ipv6 test cases. OTP-9655 Fixed HTML encode. First *try* to hex decode uri, and then do the actual html encode. OTP-9655 Skip catching hex decode failure. OTP-9655 Fixed hex-decoding. OTP-9655 Problems with proxy test cases. OTP-9655 Added release notes, appup and correct version. OTP-9655 The XSS prevention methods used was confused if the URL was encoded (hex-encoded). OTP-9655
Diffstat (limited to 'lib/inets/src/http_lib')
-rw-r--r--lib/inets/src/http_lib/http_uri.erl18
-rw-r--r--lib/inets/src/http_lib/http_util.erl5
2 files changed, 14 insertions, 9 deletions
diff --git a/lib/inets/src/http_lib/http_uri.erl b/lib/inets/src/http_lib/http_uri.erl
index 3804af60f4..d03acff3a9 100644
--- a/lib/inets/src/http_lib/http_uri.erl
+++ b/lib/inets/src/http_lib/http_uri.erl
@@ -21,7 +21,8 @@
-module(http_uri).
-export([parse/1]).
--export([parse/1, encode/1, decode/1]).
+-export([encode/1, decode/1]).
+
%%%=========================================================================
%%% API
@@ -45,16 +46,21 @@ encode(URI) ->
$\\, $', $^, $%, $ ]),
lists:append(lists:map(fun(Char) -> uri_encode(Char, Reserved) end, URI)).
-decode([$%,Hex1,Hex2|Rest]) ->
- [hex2dec(Hex1)*16+hex2dec(Hex2)|decode(Rest)];
-decode([First|Rest]) ->
- [First|decode(Rest)];
-decode([]) ->
+decode(String) ->
+ do_decode(String).
+
+do_decode([$%,Hex1,Hex2|Rest]) ->
+ [hex2dec(Hex1)*16+hex2dec(Hex2)|do_decode(Rest)];
+do_decode([First|Rest]) ->
+ [First|do_decode(Rest)];
+do_decode([]) ->
[].
+
%%%========================================================================
%%% Internal functions
%%%========================================================================
+
parse_scheme(AbsURI) ->
case split_uri(AbsURI, ":", {error, no_scheme}, 1, 1) of
{error, no_scheme} ->
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index be0602ff6e..5d8cb9365d 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -190,9 +190,8 @@ timeout(Timeout, Started) ->
html_encode(Chars) ->
Reserved = sets:from_list([$&, $<, $>, $\", $', $/]),
- lists:append(lists:map(fun(Char) ->
- char_to_html_entity(Char, Reserved)
- end, Chars)).
+ lists:append([char_to_html_entity(Char, Reserved) || Char <- Chars]).
+
%%%========================================================================