Prusalink: Add missing urlencode, fix bounds check and add url tests#5184
Open
bkerler wants to merge 2 commits intoprusa3d:masterfrom
Open
Prusalink: Add missing urlencode, fix bounds check and add url tests#5184bkerler wants to merge 2 commits intoprusa3d:masterfrom
bkerler wants to merge 2 commits intoprusa3d:masterfrom
Conversation
The previous bounds check compared the output buffer size against an input string position, which is a category error. It has been replaced with a proper check that verifies whether two further input characters are available to complete a %XX sequence. Additionally, the decoder now treats a '%' that is not followed by exactly two valid hex digits as a literal '%' character instead of returning an error. This makes the server resilient against clients that do not percent-encode special characters in URL paths. Fixes prusa3d#5112
Cover the three cases relevant to filenames containing '%': - '%' at the end of the URL (no following characters) - '%' followed by non-hex characters (e.g. "file50%.gcode") - '%' properly encoded as '%25', which must still decode to '%'
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This solves issue #5112. If files with percent sign are being uploaded, these aren't url encoded as they should be.
The second commit makes sure that the url_decode bounds check is handled properly and that if percent signs are used, they are identified as special characters correctly if applicable (percent-encoded sequence). To make sure that everything works correctly, tests have been added (here: claude code has been used for implementing the tests).
This PR requires prior adaption of prusa3d/Prusa-Link-Web#525