author | Péter Dimitrov <[email protected]> | 2017-11-01 13:05:22 +0100 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2017-11-15 16:26:58 +0100 |
commit | 7d6d272b7d04cf6640145f5381c39193e40ba5f8 (patch) | |
tree | 49773b1b10c0ade04a8e30b94e470e22fa042d23 /lib/inets/test | |
parent | 6db8210068a55696cd5e444d40d3676737113d03 (diff) | |
inets: Fix http content injection bug in httpc
- uri_string module used for parsing URIs.
- Removed url_encode option as only valid URIs shall be handled
by the http client.
- The client rejects URIs that are not compliant with RFC 3986.
Change-Id: I0a5b9766f6463a9802e0b02b445a2c4c91f02236
Diffstat (limited to 'lib/inets/test')
-rw-r--r-- | lib/inets/test/httpc_SUITE.erl | 13 | ||||
-rw-r--r-- | lib/inets/test/httpd_basic_SUITE.erl | 5 |
2 files changed, 17 insertions, 1 deletions
diff --git a/lib/inets/test/httpc_SUITE.erl b/lib/inets/test/httpc_SUITE.erl index cc166d522e..dda5ad742c 100644 --- a/lib/inets/test/httpc_SUITE.erl +++ b/lib/inets/test/httpc_SUITE.erl @@ -68,6 +68,7 @@ real_requests()-> [ head, get, + get_query_string, post, delete, post_stream, @@ -244,6 +245,15 @@ get(Config) when is_list(Config) -> {ok, {{_,200,_}, [_ | _], BinBody}} = httpc:request(get, Request, [], [{body_format, binary}]), true = is_binary(BinBody). + + +get_query_string() -> + [{doc, "Test http get request with query string against local server"}]. +get_query_string(Config) when is_list(Config) -> + Request = {url(group_name(Config), "/dummy.html?foo=bar", Config), []}, + {ok, {{_,200,_}, [_ | _], Body = [_ | _]}} = httpc:request(get, Request, [], []), + + inets_test_lib:check_body(Body). %%-------------------------------------------------------------------- post() -> [{"Test http post request against local server. We do in this case " @@ -1713,6 +1723,9 @@ content_length(["content-length:" ++ Value | _]) -> content_length([_Head | Tail]) -> content_length(Tail). +handle_uri("GET","/dummy.html?foo=bar",_,_,_,_) -> + "HTTP/1.0 200 OK\r\n\r\nTEST"; + handle_uri(_,"/just_close.html",_,_,_,_) -> close; handle_uri(_,"/no_content.html",_,_,_,_) -> diff --git a/lib/inets/test/httpd_basic_SUITE.erl b/lib/inets/test/httpd_basic_SUITE.erl index 931cd076cc..94d22ea76c 100644 --- a/lib/inets/test/httpd_basic_SUITE.erl +++ b/lib/inets/test/httpd_basic_SUITE.erl @@ -303,7 +303,10 @@ escaped_url_in_error_body(Config) when is_list(Config) -> %% Ask for a non-existing page(1) Path = "/<b>this_is_bold<b>", HTMLEncodedPath = http_util:html_encode(Path), - URL2 = URL1 ++ Path, + URL2 = uri_string:recompose(#{scheme => "http", + host => "localhost", + port => Port, + path => Path}), {ok, {404, Body3}} = httpc:request(get, {URL2, []}, [{url_encode, true}, {version, "HTTP/1.0"}], |
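Review bot: Nothing in this test change exercises the behaviour the commit message describes, that the client rejects URIs that are not RFC 3986 compliant; `get_query_string` only covers a well-formed URI. A negative case next to it would pin the fix, for example a URL containing a raw space or control character asserted with `{error, _} = httpc:request(get, {BadUrl, []}, [], [])`. The exact error term is not visible here, so match loosely or confirm it. The positive test also asserts only a 200 status and a non-empty body, so it would presumably still pass if the query were dropped before sending; asserting on something that depends on `foo=bar` would close that gap.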
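Review bot: The new `handle_uri("GET","/dummy.html?foo=bar",_,_,_,_)` clause answers with the body `TEST`, while `get_query_string` passes its body to `inets_test_lib:check_body/1`; that helper is not shown, so confirm it accepts this body for every group that reaches this handler. A one-line comment such as `%% Used by get_query_string: the query string must arrive unmodified` would tie the clause to its test. The clause matches the full request target including the query, so if a more general `/dummy.html` clause exists further down it has to stay below this one. The rest of `handle_uri` lies outside the hunk.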
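Review bot: The request below the rebuilt `URL2` still passes `{url_encode, true}`, although the commit message says the `url_encode` option was removed. The test then either relies on the option being silently ignored or should drop it, leaving `[{version, "HTTP/1.0"}]`. The host is also now hard-coded as `"localhost"` instead of being taken from `URL1`; that deserves a short comment if `URL1` can carry a different host, since its construction is outside the hunk. The `httpc:request` call itself continues past the end of the hunk.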