Merge branch 'development' of https://git01.codeplex.com/casablanca into development

hohong · hohong · commit 4b4ba20ebb14 · 2013-08-01T16:40:59.000-07:00
diff --git a/Release/include/cpprest/http_client_impl.h b/Release/include/cpprest/http_client_impl.h
@@ -44,7 +44,6 @@ using namespace concurrency;
 #else
 #include <boost/asio.hpp>
 #include <boost/bind.hpp>
-#include <boost/asio/ssl.hpp>
 #include <boost/algorithm/string.hpp>
 #include <pplx/threadpool.h>
 #endif
@@ -62,10 +61,41 @@ using namespace web::http::details;
 
 namespace web { namespace http { namespace client { namespace details
 {
+    const bool valid_chars [] =
+    {
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0-15
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //16-31
+        0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, //32-47
+        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, //48-63
+        0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //64-79
+        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, //80-95
+        0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, //96-111
+        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0 //112-127
+    };
+
 #ifdef _MS_WINDOWS
             static const utility::char_t * get_with_body = _XPLATSTR("A GET or HEAD request should not have an entity body.");
 #endif
 
+#if (!defined(_MS_WINDOWS) || defined(__cplusplus_winrt))
+            // Checks if the method contains any invalid characters
+            static bool validate_method(const utility::string_t& method)
+            {
+                for (auto iter = method.begin(); iter != method.end(); iter++)
+                {
+                    char_t ch = *iter;
+                        
+                    if (size_t(ch) >= 128)
+                        return false;
+                        
+                    if (!valid_chars[ch])
+                        return false;
+                }
+
+                return true;
+            }
+#endif
+
             // Helper function to trim leading and trailing null characters from a string.
             static void trim_nulls(utility::string_t &str)
             {
@@ -125,32 +155,14 @@ namespace web { namespace http { namespace client { namespace details
                 {
                 }
 
-                // TFS 579619 - 1206: revisit whether error_code is really needed for Linux
-                void complete_headers(const unsigned long error_code = 0)
+                void complete_headers()
                 {
                     // We have already read (and transmitted) the request body. Should we explicitly close the stream?
                     // Well, there are test cases that assumes that the istream is valid when t receives the response!
                     // For now, we will drop our reference which will close the stream if the user doesn't have one.
                     m_request.set_body(Concurrency::streams::istream());
-
                     m_received_hdrs = true;
-                    m_response.set_error_code(error_code);
-
-                    if(m_response.error_code() == 0)
-                    {
-                        m_request_completion.set(m_response);
-                    }
-#ifdef _MS_WINDOWS
-                    else
-                    {
-                        m_request_completion.set_exception(http_exception(m_response.error_code()));
-                    }
-#else
-                    else
-                    {
-                        m_request_completion.set_exception(http_exception((int)error_code, _XPLATSTR("Error reading headers")));
-                    }
-#endif
+                    m_request_completion.set(m_response);
                 }
 
                 /// <summary>
@@ -169,21 +181,17 @@ namespace web { namespace http { namespace client { namespace details
 #ifdef _MS_WINDOWS
                 // Helper function to report an error, set task completion event, and close the request handle.
 
-                // Note: I'm keeping the message parameter in case we decide to log errors again, or add the message
-                //       to the exception message. For now.
                 void report_error(const utility::string_t & errorMessage)
                 {
-                    report_error(GetLastError(), errorMessage);
+                    report_exception(http_exception(errorMessage));
                 }
 
 #endif
 
                 void report_error(unsigned long error_code, const utility::string_t & errorMessage)
                 {
-                    UNREFERENCED_PARAMETER(errorMessage);
-
                     m_response.set_error_code(error_code);
-                    report_exception(http_exception((int)m_response.error_code()));
+                    report_exception(http_exception((int)m_response.error_code(), errorMessage));
                 }
 
                 template<typename _ExceptionType>
diff --git a/Release/src/http/client/http_linux.cpp b/Release/src/http/client/http_linux.cpp
@@ -194,9 +194,9 @@ namespace web { namespace http
                     // stop injection of headers via method
                     // resource should be ok, since it's been encoded
                     // and host won't resolve
-                    if (std::find(method.begin(), method.end(), '\r') != method.end())
+                    if (!validate_method(method))
                     {
-                        ctx->report_exception(http_exception("invalid method string"));
+                        ctx->report_exception(http_exception("The method string is invalid."));
                         return;
                     }
 
diff --git a/Release/src/http/client/http_win8.cpp b/Release/src/http/client/http_win8.cpp
@@ -358,10 +358,16 @@ namespace web { namespace http
                     http_request &msg = request->m_request;
                     winrt_request_context * winrt_context = static_cast<winrt_request_context *>(request);
 
+                    if (!validate_method(msg.method()))
+                    {
+                        request->report_error(L"The method string is invalid.");
+                        return;
+                    }
+                    
                     if ( msg.method() == http::methods::TRCE )
                     {
                         // Not supported by WinInet. Generate a more specific exception than what WinInet does.
-                        request->m_request_completion.set_exception(http_exception(_XPLATSTR("TRACE is not supported")));
+                        request->report_error(L"TRACE is not supported");
                         return;
                     }
 
@@ -404,7 +410,7 @@ namespace web { namespace http
                     auto proxy = config.proxy();
                     if(!proxy.is_default())
                     {
-                        request->report_exception(http_exception(_XPLATSTR("Only a default proxy server is supported")));
+                        request->report_error(L"Only a default proxy server is supported");
                         xhr->Release();
                         return;
                     }
@@ -457,7 +463,7 @@ namespace web { namespace http
                     // response data directly into the underlying response stream.
 
                     auto writebuf = winrt_context->_get_writebuffer();
-                    if ( !_check_streambuf(winrt_context, writebuf, _XPLATSTR("Output stream is not open")) )
+                    if ( !_check_streambuf(winrt_context, writebuf, L"Output stream is not open") )
                     {
                         xhr->Release();
                         return;
@@ -479,7 +485,7 @@ namespace web { namespace http
                     if (content_length == std::numeric_limits<size_t>::max())
                     {
                         // IXHR2 does not allow transfer encoding chunked. So the user is expected to set the content length
-                        request->report_exception(http_exception(_XPLATSTR("Content length is not specified in the http headers")));
+                        request->report_error(L"Content length is not specified in the http headers");
                         xhr->Release();
                         return;
                     }
@@ -498,7 +504,7 @@ namespace web { namespace http
                         }
 
                         auto readbuf = winrt_context->_get_readbuffer();
-                        if ( !_check_streambuf(winrt_context, readbuf, _XPLATSTR("Input stream is not open")) )
+                        if ( !_check_streambuf(winrt_context, readbuf, L"Input stream is not open") )
                         {
                             xhr->Release();
                             return;
@@ -533,7 +539,7 @@ namespace web { namespace http
         {
             // Somethings like proper URI schema are verified by the URI class.
             // We only need to check certain things specific to HTTP.
-            if( uri.scheme() != _XPLATSTR("http") && uri.scheme() != _XPLATSTR("https") )
+            if( uri.scheme() != L"http" && uri.scheme() != L"https" )
             {
                 throw std::invalid_argument("URI scheme must be 'http' or 'https'");
             }

Original file line number	Diff line number	Diff line change
`@@ -194,9 +194,9 @@ namespace web { namespace http`
`194`	`194`	`// stop injection of headers via method`
`195`	`195`	`// resource should be ok, since it's been encoded`
`196`	`196`	`// and host won't resolve`
`197`		`- if (std::find(method.begin(), method.end(), '\r') != method.end())`
	`197`	`+ if (!validate_method(method))`
`198`	`198`	`{`
`199`		`- ctx->report_exception(http_exception("invalid method string"));`
	`199`	`+ ctx->report_exception(http_exception("The method string is invalid."));`
`200`	`200`	`return;`
`201`	`201`	`}`
`202`	`202`
Original file line number	Diff line number	Diff line change
`@@ -358,10 +358,16 @@ namespace web { namespace http`
`358`	`358`	`http_request &msg = request->m_request;`
`359`	`359`	`winrt_request_context * winrt_context = static_cast<winrt_request_context *>(request);`
`360`	`360`
	`361`	`+ if (!validate_method(msg.method()))`
	`362`	`+ {`
	`363`	`+ request->report_error(L"The method string is invalid.");`
	`364`	`+ return;`
	`365`	`+ }`
	`366`	`+`
`361`	`367`	`if ( msg.method() == http::methods::TRCE )`
`362`	`368`	`{`
`363`	`369`	`// Not supported by WinInet. Generate a more specific exception than what WinInet does.`
`364`		`- request->m_request_completion.set_exception(http_exception(_XPLATSTR("TRACE is not supported")));`
	`370`	`+ request->report_error(L"TRACE is not supported");`
`365`	`371`	`return;`
`366`	`372`	`}`
`367`	`373`
`@@ -404,7 +410,7 @@ namespace web { namespace http`
`404`	`410`	`auto proxy = config.proxy();`
`405`	`411`	`if(!proxy.is_default())`
`406`	`412`	`{`
`407`		`- request->report_exception(http_exception(_XPLATSTR("Only a default proxy server is supported")));`
	`413`	`+ request->report_error(L"Only a default proxy server is supported");`
`408`	`414`	`xhr->Release();`
`409`	`415`	`return;`
`410`	`416`	`}`
`@@ -457,7 +463,7 @@ namespace web { namespace http`
`457`	`463`	`// response data directly into the underlying response stream.`
`458`	`464`
`459`	`465`	`auto writebuf = winrt_context->_get_writebuffer();`
`460`		`- if ( !_check_streambuf(winrt_context, writebuf, _XPLATSTR("Output stream is not open")) )`
	`466`	`+ if ( !_check_streambuf(winrt_context, writebuf, L"Output stream is not open") )`
`461`	`467`	`{`
`462`	`468`	`xhr->Release();`
`463`	`469`	`return;`
`@@ -479,7 +485,7 @@ namespace web { namespace http`
`479`	`485`	`if (content_length == std::numeric_limits<size_t>::max())`
`480`	`486`	`{`
`481`	`487`	`// IXHR2 does not allow transfer encoding chunked. So the user is expected to set the content length`
`482`		`- request->report_exception(http_exception(_XPLATSTR("Content length is not specified in the http headers")));`
	`488`	`+ request->report_error(L"Content length is not specified in the http headers");`
`483`	`489`	`xhr->Release();`
`484`	`490`	`return;`
`485`	`491`	`}`
`@@ -498,7 +504,7 @@ namespace web { namespace http`
`498`	`504`	`}`
`499`	`505`
`500`	`506`	`auto readbuf = winrt_context->_get_readbuffer();`
`501`		`- if ( !_check_streambuf(winrt_context, readbuf, _XPLATSTR("Input stream is not open")) )`
	`507`	`+ if ( !_check_streambuf(winrt_context, readbuf, L"Input stream is not open") )`
`502`	`508`	`{`
`503`	`509`	`xhr->Release();`
`504`	`510`	`return;`
`@@ -533,7 +539,7 @@ namespace web { namespace http`
`533`	`539`	`{`
`534`	`540`	`// Somethings like proper URI schema are verified by the URI class.`
`535`	`541`	`// We only need to check certain things specific to HTTP.`
`536`		`- if( uri.scheme() != _XPLATSTR("http") && uri.scheme() != _XPLATSTR("https") )`
	`542`	`+ if( uri.scheme() != L"http" && uri.scheme() != L"https" )`
`537`	`543`	`{`
`538`	`544`	`throw std::invalid_argument("URI scheme must be 'http' or 'https'");`
`539`	`545`	`}`