Avoid double escaping in PathString

JunTaoLuo · JunTaoLuo · commit 0da88e0dda36 · 2017-04-06T13:29:06.000-07:00
diff --git a/src/Microsoft.AspNetCore.Http.Abstractions/Internal/PathStringHelper.cs b/src/Microsoft.AspNetCore.Http.Abstractions/Internal/PathStringHelper.cs
@@ -28,5 +28,20 @@ public static bool IsValidPathChar(char c)
         {
             return c < ValidPathChars.Length && ValidPathChars[c];
         }
+
+        public static bool IsPercentEncodedChar(string str, int index)
+        {
+            return index < str.Length - 2
+                && str[index] == '%'
+                && IsHexadecimalChar(str[index + 1])
+                && IsHexadecimalChar(str[index + 2]);
+        }
+
+        public static bool IsHexadecimalChar(char c)
+        {
+            return ('0' <= c && c <= '9')
+                || ('A' <= c && c <= 'F')
+                || ('a' <= c && c <= 'f');
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Http.Abstractions/PathString.cs b/src/Microsoft.AspNetCore.Http.Abstractions/PathString.cs
@@ -53,7 +53,7 @@ public bool HasValue
         }
 
         /// <summary>
-        /// Provides the path string escaped in a way which is correct for combining into the URI representation. 
+        /// Provides the path string escaped in a way which is correct for combining into the URI representation.
         /// </summary>
         /// <returns>The escaped path value</returns>
         public override string ToString()
@@ -77,9 +77,12 @@ public string ToUriComponent()
             var start = 0;
             var count = 0;
             var requiresEscaping = false;
-            for (int i = 0; i < _value.Length; ++i)
+            var i = 0;
+
+            while (i < _value.Length)
             {
-                if (PathStringHelper.IsValidPathChar(_value[i]))
+                var isPercentEncodedChar = PathStringHelper.IsPercentEncodedChar(_value, i);
+                if (PathStringHelper.IsValidPathChar(_value[i]) || isPercentEncodedChar)
                 {
                     if (requiresEscaping)
                     {
@@ -96,7 +99,16 @@ public string ToUriComponent()
                         count = 0;
                     }
 
-                    count++;
+                    if (isPercentEncodedChar)
+                    {
+                        count += 3;
+                        i += 3;
+                    }
+                    else
+                    {
+                        count++;
+                        i++;
+                    }
                 }
                 else
                 {
@@ -116,6 +128,7 @@ public string ToUriComponent()
                     }
 
                     count++;
+                    i++;
                 }
             }
 
@@ -146,6 +159,7 @@ public string ToUriComponent()
             }
         }
 
+
         /// <summary>
         /// Returns an PathString given the path as it is escaped in the URI format. The string MUST NOT contain any
         /// value that is not a path.
@@ -279,7 +293,7 @@ public bool StartsWithSegments(PathString other, StringComparison comparisonType
         }
 
         /// <summary>
-        /// Adds two PathString instances into a combined PathString value. 
+        /// Adds two PathString instances into a combined PathString value.
         /// </summary>
         /// <returns>The combined PathString value</returns>
         public PathString Add(PathString other)
@@ -297,7 +311,7 @@ public PathString Add(PathString other)
         }
 
         /// <summary>
-        /// Combines a PathString and QueryString into the joined URI formatted string value. 
+        /// Combines a PathString and QueryString into the joined URI formatted string value.
         /// </summary>
         /// <returns>The joined URI formatted string value</returns>
         public string Add(QueryString other)
diff --git a/test/Microsoft.AspNetCore.Http.Abstractions.Tests/PathStringTests.cs b/test/Microsoft.AspNetCore.Http.Abstractions.Tests/PathStringTests.cs
@@ -195,6 +195,10 @@ public void StartsWithSegmentsWithRemainder_DoesMatchUsingSpecifiedComparison(st
         [InlineData("pct-encoding", "/单行道", "/%E5%8D%95%E8%A1%8C%E9%81%93")]
         [InlineData("mixed1", "/index/单行道=(x*y)[abc]", "/index/%E5%8D%95%E8%A1%8C%E9%81%93=(x*y)%5Babc%5D")]
         [InlineData("mixed2", "/index/单行道=(x*y)[abc]_", "/index/%E5%8D%95%E8%A1%8C%E9%81%93=(x*y)%5Babc%5D_")]
+        [InlineData("encoded", "/http%3a%2f%2f[foo]%3A5000/", "/http%3a%2f%2f%5Bfoo%5D%3A5000/")]
+        [InlineData("encoded", "/http%3a%2f%2f[foo]%3A5000/%", "/http%3a%2f%2f%5Bfoo%5D%3A5000/%25")]
+        [InlineData("encoded", "/http%3a%2f%2f[foo]%3A5000/%2", "/http%3a%2f%2f%5Bfoo%5D%3A5000/%252")]
+        [InlineData("encoded", "/http%3a%2f%2f[foo]%3A5000/%2F", "/http%3a%2f%2f%5Bfoo%5D%3A5000/%2F")]
         public void ToUriComponentEscapeCorrectly(string category, string input, string expected)
         {
             var path = new PathString(input);

Original file line number	Diff line number	Diff line change
`@@ -28,5 +28,20 @@ public static bool IsValidPathChar(char c)`
`28`	`28`	`{`
`29`	`29`	`return c < ValidPathChars.Length && ValidPathChars[c];`
`30`	`30`	`}`
	`31`	`+`
	`32`	`+ public static bool IsPercentEncodedChar(string str, int index)`
	`33`	`+ {`
	`34`	`+ return index < str.Length - 2`
	`35`	`+ && str[index] == '%'`
	`36`	`+ && IsHexadecimalChar(str[index + 1])`
	`37`	`+ && IsHexadecimalChar(str[index + 2]);`
	`38`	`+ }`
	`39`	`+`
	`40`	`+ public static bool IsHexadecimalChar(char c)`
	`41`	`+ {`
	`42`	`+ return ('0' <= c && c <= '9')`
	`43`	`+ \|\| ('A' <= c && c <= 'F')`
	`44`	`+ \|\| ('a' <= c && c <= 'f');`
	`45`	`+ }`
`31`	`46`	`}`
`32`	`47`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ public bool HasValue`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`/// <summary>`
`56`		`- /// Provides the path string escaped in a way which is correct for combining into the URI representation.`
	`56`	`+ /// Provides the path string escaped in a way which is correct for combining into the URI representation.`
`57`	`57`	`/// </summary>`
`58`	`58`	`/// <returns>The escaped path value</returns>`
`59`	`59`	`public override string ToString()`
`@@ -77,9 +77,12 @@ public string ToUriComponent()`
`77`	`77`	`var start = 0;`
`78`	`78`	`var count = 0;`
`79`	`79`	`var requiresEscaping = false;`
`80`		`- for (int i = 0; i < _value.Length; ++i)`
	`80`	`+ var i = 0;`
	`81`	`+`
	`82`	`+ while (i < _value.Length)`
`81`	`83`	`{`
`82`		`- if (PathStringHelper.IsValidPathChar(_value[i]))`
	`84`	`+ var isPercentEncodedChar = PathStringHelper.IsPercentEncodedChar(_value, i);`
	`85`	`+ if (PathStringHelper.IsValidPathChar(_value[i]) \|\| isPercentEncodedChar)`
`83`	`86`	`{`
`84`	`87`	`if (requiresEscaping)`
`85`	`88`	`{`
`@@ -96,7 +99,16 @@ public string ToUriComponent()`
`96`	`99`	`count = 0;`
`97`	`100`	`}`
`98`	`101`
`99`		`- count++;`
	`102`	`+ if (isPercentEncodedChar)`
	`103`	`+ {`
	`104`	`+ count += 3;`
	`105`	`+ i += 3;`
	`106`	`+ }`
	`107`	`+ else`
	`108`	`+ {`
	`109`	`+ count++;`
	`110`	`+ i++;`
	`111`	`+ }`
`100`	`112`	`}`
`101`	`113`	`else`
`102`	`114`	`{`
`@@ -116,6 +128,7 @@ public string ToUriComponent()`
`116`	`128`	`}`
`117`	`129`
`118`	`130`	`count++;`
	`131`	`+ i++;`
`119`	`132`	`}`
`120`	`133`	`}`
`121`	`134`
`@@ -146,6 +159,7 @@ public string ToUriComponent()`
`146`	`159`	`}`
`147`	`160`	`}`
`148`	`161`
	`162`	`+`
`149`	`163`	`/// <summary>`
`150`	`164`	`/// Returns an PathString given the path as it is escaped in the URI format. The string MUST NOT contain any`
`151`	`165`	`/// value that is not a path.`
`@@ -279,7 +293,7 @@ public bool StartsWithSegments(PathString other, StringComparison comparisonType`
`279`	`293`	`}`
`280`	`294`
`281`	`295`	`/// <summary>`
`282`		`- /// Adds two PathString instances into a combined PathString value.`
	`296`	`+ /// Adds two PathString instances into a combined PathString value.`
`283`	`297`	`/// </summary>`
`284`	`298`	`/// <returns>The combined PathString value</returns>`
`285`	`299`	`public PathString Add(PathString other)`
`@@ -297,7 +311,7 @@ public PathString Add(PathString other)`
`297`	`311`	`}`
`298`	`312`
`299`	`313`	`/// <summary>`
`300`		`- /// Combines a PathString and QueryString into the joined URI formatted string value.`
	`314`	`+ /// Combines a PathString and QueryString into the joined URI formatted string value.`
`301`	`315`	`/// </summary>`
`302`	`316`	`/// <returns>The joined URI formatted string value</returns>`
`303`	`317`	`public string Add(QueryString other)`