Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Add fix and test for URLs that contain literal IPv6 addresses. [Bug 3531209] |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
1b9de3862713db777b043d0a7c5b5674 |
User & Date: | max 2012-07-08 10:55:49 |
Context
2012-07-10
| ||
20:27 | merge 8.5 check-in: c7c6dfcb5b user: dgp tags: trunk | |
2012-07-08
| ||
11:32 | merge trunk check-in: 4d5a76f620 user: dkf tags: dkf-http-cookies | |
10:55 | Add fix and test for URLs that contain literal IPv6 addresses. [Bug 3531209] check-in: 1b9de38627 user: max tags: trunk | |
10:34 | MSVC 6.0 does not have the %I modifier check-in: 206a39d2c4 user: jan.nijtmans tags: trunk | |
Changes
Changes to ChangeLog.
1 2 3 4 5 6 7 | 2012-07-05 Don Porter <[email protected]> * unix/tclUnixPipe.c: [Bug 1189293] Make "<<" binary safe. * win/tclWinPipe.c: 2012-07-03 Donal K. Fellows <[email protected]> | > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 | 2012-07-08 Reinhard Max <[email protected]> * library/http/http.tcl: Add fix and test for URLs that contain * tests/http.test: literal IPv6 addresses. [Bug 3531209] 2012-07-05 Don Porter <[email protected]> * unix/tclUnixPipe.c: [Bug 1189293] Make "<<" binary safe. * win/tclWinPipe.c: 2012-07-03 Donal K. Fellows <[email protected]> |
︙ | ︙ |
Changes to library/http/http.tcl.
︙ | ︙ | |||
415 416 417 418 419 420 421 | # The "http" is the protocol, the user is "jschmoe", the password is # "xyzzy", the host is "www.bogus.net", the port is "8000", the path is # "/foo/bar.tml", the query is "q=foo", and the fragment is "changes". # # Note that the RE actually combines the user and password parts, as # recommended in RFC 3986. Indeed, that RFC states that putting passwords # in URLs is a Really Bad Idea, something with which I would agree utterly. | < | > > > > | 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 | # The "http" is the protocol, the user is "jschmoe", the password is # "xyzzy", the host is "www.bogus.net", the port is "8000", the path is # "/foo/bar.tml", the query is "q=foo", and the fragment is "changes". # # Note that the RE actually combines the user and password parts, as # recommended in RFC 3986. Indeed, that RFC states that putting passwords # in URLs is a Really Bad Idea, something with which I would agree utterly. # # From a validation perspective, we need to ensure that the parts of the # URL that are going to the server are correctly encoded. This is only # done if $state(-strict) is true (inherited from $::http::strict). set URLmatcher {(?x) # this is _expanded_ syntax ^ (?: (\w+) : ) ? # <protocol scheme> (?: // (?: ( [^@/\#?]+ # <userinfo part of authority> ) @ )? ( # <host part of authority> [^/:\#?]+ | # host name or IPv4 address \[ [^/\#?]+ \] # IPv6 address in square brackets ) (?: : (\d+) )? # <port part of authority> )? ( / [^\#]*)? # <path> (including query) (?: \# (.*) )? # <fragment> $ } # Phase one: parse if {![regexp -- $URLmatcher $url -> proto user host port srvurl]} { unset $token return -code error "Unsupported URL: $url" } # Phase two: validate set host [string trim $host {[]}]; # strip square brackets from IPv6 address if {$host eq ""} { # Caller has to provide a host name; we do not have a "default host" # that would enable us to handle relative URLs. unset $token return -code error "Missing host part: $url" # Note that we don't check the hostname for validity here; if it's # invalid, we'll simply fail to resolve it later on. |
︙ | ︙ |
Changes to tests/http.test.
︙ | ︙ | |||
131 132 133 134 135 136 137 138 139 140 141 142 143 144 | </body></html>" set tail /a/b/c set url //[info hostname]:$port/a/b/c set fullurl http://user:pass@[info hostname]:$port/a/b/c set binurl //[info hostname]:$port/binary set posturl //[info hostname]:$port/post set badposturl //[info hostname]:$port/droppost test http-3.4 {http::geturl} -body { set token [http::geturl $url] http::data $token } -cleanup { http::cleanup $token } -result "<html><head><title>HTTP/1.0 TEST</title></head><body> <h1>Hello, World!</h1> | > | 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 | </body></html>" set tail /a/b/c set url //[info hostname]:$port/a/b/c set fullurl http://user:pass@[info hostname]:$port/a/b/c set binurl //[info hostname]:$port/binary set posturl //[info hostname]:$port/post set badposturl //[info hostname]:$port/droppost set ipv6url http://\[::1\]:$port/ test http-3.4 {http::geturl} -body { set token [http::geturl $url] http::data $token } -cleanup { http::cleanup $token } -result "<html><head><title>HTTP/1.0 TEST</title></head><body> <h1>Hello, World!</h1> |
︙ | ︙ | |||
386 387 388 389 390 391 392 393 394 395 396 397 398 399 | } -match regexp -result {(?n)Accept \*/\* Host .* User-Agent .* Connection close Content-Type {text/plain;charset=utf-8} Accept-Encoding .* Content-Length 5} test http-4.1 {http::Event} -body { set token [http::geturl $url -keepalive 0] upvar #0 $token data array set meta $data(meta) expr {($data(totalsize) == $meta(Content-Length))} } -cleanup { | > > > > > > | 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 | } -match regexp -result {(?n)Accept \*/\* Host .* User-Agent .* Connection close Content-Type {text/plain;charset=utf-8} Accept-Encoding .* Content-Length 5} test http-3.29 "http::geturl $ipv6url" -body { set token [http::geturl $ipv6url -validate 1] http::code $token } -cleanup { http::cleanup $token } -result "HTTP/1.0 200 OK" test http-4.1 {http::Event} -body { set token [http::geturl $url -keepalive 0] upvar #0 $token data array set meta $data(meta) expr {($data(totalsize) == $meta(Content-Length))} } -cleanup { |
︙ | ︙ |