fix(iRest): Use encodeURIComponent for url params #72
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
encodeURI() does not encode &, #, or ? characters, so if they are present anywhere in the submitted XML document, they will cause the URI to be invalid and result in a 400 error. Instead, using encodeURIComponent() on each individual URL param will safely encode all possible characters. Signed-off-by: Aaron Magid <ahm64@case.edu>
|
Docs for encodeURIComponent. These changes look good. Can you provide a simple example that shows the failure of This will be helpful in creating a test case. Thanks for contributing! |
dmabupt
approved these changes
Jul 19, 2019
|
Hey, so sorry - I completely missed your message! Simplest way to test this is the way I ran into it - by running a SQL query which contained an '&'. XMLService will return a 400 error without this fix. Simple test: const query = `select * from test_table where name='&#!test??'`;
const sql = new xt.iSql();
sql.addQuery(query);
sql.fetch();
sql.free();
conn.add(sql);
conn.run(xmlResponse => console.log(xmlResponse)); |
abmusse
requested changes
Oct 2, 2019
There was a problem hiding this comment.
After merging PR #78,
Looks like this PR needs to be updated because lib/irest.js has been moved and changed.
This PR should be updated with changes like the following in lib/transports/irest.js:
let xmlEnc = `db2=${encodeURIComponent(database)
}&uid=${encodeURIComponent(username)
}&pwd=${encodeURIComponent(password)
}&ipc=${encodeURIComponent(ipc)
}&ctl=${encodeURIComponent(ctl)
}&xmlin=${encodeURIComponent(xmlInput)
}&xmlout=${encodeURIComponent(outputBuffer.toString())}`;
kadler
added a commit
that referenced
this pull request
Jan 13, 2020
encodeURI() does not encode &, #, or ? characters, so if they are present anywhere in the submitted XML document, they will cause the URI to be invalid and result in a 400 error. Instead, using encodeURIComponent() on each individual URL param will safely encode all possible characters. Thanks to @amagid for the original PR. Obsoletes #72 Fixes #71 Co-authored-by: Aaron Magid <ahm64@case.edu>
abmusse
pushed a commit
that referenced
this pull request
Jan 17, 2020
encodeURI() does not encode &, #, or ? characters, so if they are present anywhere in the submitted XML document, they will cause the URI to be invalid and result in a 400 error. Instead, using encodeURIComponent() on each individual URL param will safely encode all possible characters. Thanks to @amagid for the original PR. Obsoletes #72 Fixes #71 Co-authored-by: Aaron Magid <ahm64@case.edu>
|
Obsoleted by #89 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
encodeURI() does not encode &, #, or ? characters, so if they are
present anywhere in the submitted XML document, they will cause the URI
to be invalid and result in a 400 error. Instead, using
encodeURIComponent() on each individual URL param will safely encode all
possible characters.
Closes #71