-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(iRest): Use encodeURIComponent for url params #72
Conversation
encodeURI() does not encode &, #, or ? characters, so if they are present anywhere in the submitted XML document, they will cause the URI to be invalid and result in a 400 error. Instead, using encodeURIComponent() on each individual URL param will safely encode all possible characters. Signed-off-by: Aaron Magid <ahm64@case.edu>
Docs for encodeURIComponent. These changes look good. Can you provide a simple example that shows the failure of This will be helpful in creating a test case. Thanks for contributing! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noticed this PR is intended for Master branch we should put this on ice until PR #78 Lands.
Hey, so sorry - I completely missed your message! Simplest way to test this is the way I ran into it - by running a SQL query which contained an '&'. XMLService will return a 400 error without this fix. Simple test: const query = `select * from test_table where name='&#!test??'`;
const sql = new xt.iSql();
sql.addQuery(query);
sql.fetch();
sql.free();
conn.add(sql);
conn.run(xmlResponse => console.log(xmlResponse)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After merging PR #78,
Looks like this PR needs to be updated because lib/irest.js has been moved and changed.
This PR should be updated with changes like the following in lib/transports/irest.js:
let xmlEnc = `db2=${encodeURIComponent(database)
}&uid=${encodeURIComponent(username)
}&pwd=${encodeURIComponent(password)
}&ipc=${encodeURIComponent(ipc)
}&ctl=${encodeURIComponent(ctl)
}&xmlin=${encodeURIComponent(xmlInput)
}&xmlout=${encodeURIComponent(outputBuffer.toString())}`;
encodeURI() does not encode &, #, or ? characters, so if they are present anywhere in the submitted XML document, they will cause the URI to be invalid and result in a 400 error. Instead, using encodeURIComponent() on each individual URL param will safely encode all possible characters. Thanks to @amagid for the original PR. Obsoletes #72 Fixes #71 Co-authored-by: Aaron Magid <ahm64@case.edu>
encodeURI() does not encode &, #, or ? characters, so if they are present anywhere in the submitted XML document, they will cause the URI to be invalid and result in a 400 error. Instead, using encodeURIComponent() on each individual URL param will safely encode all possible characters. Thanks to @amagid for the original PR. Obsoletes #72 Fixes #71 Co-authored-by: Aaron Magid <ahm64@case.edu>
Obsoleted by #89 |
encodeURI() does not encode &, #, or ? characters, so if they are
present anywhere in the submitted XML document, they will cause the URI
to be invalid and result in a 400 error. Instead, using
encodeURIComponent() on each individual URL param will safely encode all
possible characters.
Closes #71