
[server] Avoid %2B to be interpreted as space in querystring

If '+' is replaced by ' ' after percent decoding, '%2B' is interpreted as ' '.

Fix this by replacing '+' by '%20' before percent decoding.
arnaud-morvan committed Apr 27, 2018
1 parent de8f264 commit 4087521f246b20469d52e601465164f2fb0021c3
Showing with 8 additions and 5 deletions.
  1. +3 −5 src/server/qgsserverrequest.cpp
  2. +5 −0 tests/src/python/test_qgsserver_request.py
@@ -76,14 +76,12 @@ QMap<QString, QString> QgsServerRequest::parameters() const
typedef QPair<QString, QString> pair_t;

QUrlQuery query( mUrl );
query.setQuery( query.query().replace( '+', QStringLiteral( "%20" ) ) );

QList<pair_t> items = query.queryItems( QUrl::FullyDecoded );
Q_FOREACH ( const pair_t &pair, items )
{
// prepare the value
QString value = pair.second;
value.replace( '+', ' ' );

mParams.insert( pair.first.toUpper(), value );
mParams.insert( pair.first.toUpper(), pair.second );
}
mDecoded = true;
}
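Review bot: The replacement on the `query.setQuery( ... )` line runs on `query.query()`, whose default formatting is `QUrl::PrettyDecoded`, so the fix only holds while that form keeps `%2B` percent-encoded; as far as I know Qt documents the pretty form as liable to change between releases. Requesting the encoded form explicitly, `query.setQuery( query.query( QUrl::FullyEncoded ).replace( '+', QStringLiteral( "%20" ) ) );`, makes the '+'-to-space step independent of that. A one-line comment such as `// '+' encodes a space in form-encoded queries; rewrite it before decoding so '%2B' still yields a literal '+'` would keep a later cleanup from reverting to the post-decoding replace. Consistent decoding matters here because any filter in front of the server that reads the same query string has to agree with it on what '+' and '%2B' mean. `parameters()` starts above this hunk, so the code around the `mDecoded` flag is not visible.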
@@ -48,6 +48,11 @@ def test_requestParameters(self):
for k, v in request.headers().items():
self.assertEqual(parameters[k], v)

def test_requestParametersDecoding(self):
"""Test request parameters decoding"""
request = QgsServerRequest('http://somesite.com/somepath?parm1=val1%20%2B+val2', QgsServerRequest.GetMethod)
self.assertEqual(request.parameters()['PARM1'], 'val1 + val2')

def test_requestUrl(self):
"""Test url"""
request = QgsServerRequest('http://somesite.com/somepath', QgsServerRequest.GetMethod)
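Review bot: The new `test_requestParametersDecoding` pins a single value, so it would not catch a double-decoding regression or a '+' inside a parameter name. Adding a case such as `self.assertEqual(QgsServerRequest('http://somesite.com/somepath?parm1=%252B', QgsServerRequest.GetMethod).parameters()['PARM1'], '%2B')` would check that the value is percent-decoded exactly once; the expected `%2B` is my reading of the new C++ code and should be confirmed by running it. `test_requestUrl` continues below the hunk.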
