diff options
| author | Péter Dimitrov <[email protected]> | 2017-11-01 13:05:22 +0100 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2017-11-15 16:26:58 +0100 |
| commit | 7d6d272b7d04cf6640145f5381c39193e40ba5f8 (patch) | |
| tree | 49773b1b10c0ade04a8e30b94e470e22fa042d23 /lib/inets/test/httpd_basic_SUITE.erl | |
| parent | 6db8210068a55696cd5e444d40d3676737113d03 (diff) | |
| download | otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.gz otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.tar.bz2 otp-7d6d272b7d04cf6640145f5381c39193e40ba5f8.zip | |
inets: Fix http content injection bug in httpc
- uri_string module used for parsing URIs.
- Removed url_encode option as only valid URIs shall be handled
by the http client.
- The client rejects URIs that are not compliant with RFC 3986.
Change-Id: I0a5b9766f6463a9802e0b02b445a2c4c91f02236
Diffstat (limited to 'lib/inets/test/httpd_basic_SUITE.erl')
| -rw-r--r-- | lib/inets/test/httpd_basic_SUITE.erl | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/inets/test/httpd_basic_SUITE.erl b/lib/inets/test/httpd_basic_SUITE.erl index 931cd076cc..94d22ea76c 100644 --- a/lib/inets/test/httpd_basic_SUITE.erl +++ b/lib/inets/test/httpd_basic_SUITE.erl @@ -303,7 +303,10 @@ escaped_url_in_error_body(Config) when is_list(Config) -> %% Ask for a non-existing page(1) Path = "/<b>this_is_bold<b>", HTMLEncodedPath = http_util:html_encode(Path), - URL2 = URL1 ++ Path, + URL2 = uri_string:recompose(#{scheme => "http", + host => "localhost", + port => Port, + path => Path}), {ok, {404, Body3}} = httpc:request(get, {URL2, []}, [{url_encode, true}, {version, "HTTP/1.0"}], |