Fixing bug in uri_builder::append_query when using the key value version a few characters were missed being encoded.

stgates · stgates · commit eca8ff73df6e · 2015-07-17T16:57:47.000-07:00
diff --git a/Release/include/cpprest/base_uri.h b/Release/include/cpprest/base_uri.h
@@ -441,7 +441,7 @@ namespace web {
         friend class uri_builder;
 
         // Encodes all characters not in given set determined by given function.
-        static utility::string_t encode_impl(const utility::string_t &raw, const std::function<bool(int)>& should_encode);
+        _ASYNCRTIMP static utility::string_t __cdecl encode_impl(const utility::string_t &raw, const std::function<bool __cdecl(int)>& should_encode);
 
         utility::string_t m_uri;
         details::uri_components m_components;
diff --git a/Release/include/cpprest/uri_builder.h b/Release/include/cpprest/uri_builder.h
@@ -30,6 +30,7 @@
 #include <vector>
 
 #include "cpprest/base_uri.h"
+#include "cpprest/details/uri_parser.h"
 
 namespace web
 {
@@ -234,12 +235,29 @@ namespace web
         /// <param name="value">The value portion of the query string</param>
         /// <returns>A reference to this uri_builder to support chaining.</returns>
         template<typename T>
-        uri_builder &append_query(utility::string_t name, const T &value, bool do_encoding = true)
+        uri_builder &append_query(const utility::string_t &name, const T &value, bool do_encoding = true)
         {
-            utility::ostringstream_t ss;
-            ss.imbue(std::locale::classic());
-            ss << name << _XPLATSTR("=") << value;
-            return append_query(ss.str(), do_encoding);
+            auto encodedName = name;
+            auto encodedValue = ::utility::conversions::print_string(value, std::locale::classic());
+
+            if (do_encoding)
+            {
+                auto encodingCheck = [](int ch)
+                {
+                    // Encode '&', ';', and '=' since they are used
+                    // as delimiters in query component.
+                    return ch == '&' || ch == ';' || ch == '=' || !::web::details::uri_parser::is_query_character(ch)
+                        || ch == '%' || ch == '+';
+                };
+                encodedName = uri::encode_impl(encodedName, encodingCheck);
+                encodedValue = uri::encode_impl(encodedValue, encodingCheck);
+            }
+
+            auto encodedQuery = encodedName;
+            encodedQuery.append(_XPLATSTR("="));
+            encodedQuery.append(encodedValue);
+            // The query key value pair was already encoded by us or the user separately.
+            return append_query(encodedQuery, false);
         }
 
         /// <summary>
diff --git a/Release/tests/functional/uri/uri_builder_tests.cpp b/Release/tests/functional/uri/uri_builder_tests.cpp
@@ -316,6 +316,9 @@ TEST(append_query_string)
     builder.append_query(U("key6"), U("val6"));
     VERIFY_ARE_EQUAL(U("key1=value1&key2=value2&key3=value3&key4=value4&key5=1&key6=val6"), builder.query());
 
+    // key and value separate with '=', '&', and ';'
+    builder.append_query(U("key=&;"), U("=&;value"));
+    VERIFY_ARE_EQUAL(U("key1=value1&key2=value2&key3=value3&key4=value4&key5=1&key6=val6&key%3D%26%3B=%3D%26%3Bvalue"), builder.query());
 }
 
 TEST(append_string)

Original file line number	Diff line number	Diff line change
`@@ -316,6 +316,9 @@ TEST(append_query_string)`
`316`	`316`	`builder.append_query(U("key6"), U("val6"));`
`317`	`317`	`VERIFY_ARE_EQUAL(U("key1=value1&key2=value2&key3=value3&key4=value4&key5=1&key6=val6"), builder.query());`
`318`	`318`
	`319`	`+ // key and value separate with '=', '&', and ';'`
	`320`	`+ builder.append_query(U("key=&;"), U("=&;value"));`
	`321`	`+ VERIFY_ARE_EQUAL(U("key1=value1&key2=value2&key3=value3&key4=value4&key5=1&key6=val6&key%3D%26%3B=%3D%26%3Bvalue"), builder.query());`
`319`	`322`	`}`
`320`	`323`
`321`	`324`	`TEST(append_string)`