[asterisk-dev] [Code Review] Properly escape characters in URIs

Tilghman Lesher reviewboard at asterisk.org
Mon Jan 24 05:03:06 CST 2011


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1081/#review3121
-----------------------------------------------------------

Ship it!


Minor documentation changes, good to go.


/trunk/include/asterisk/utils.h
<https://reviewboard.asterisk.org/r/1081/#comment6385>

    This should say "Every byte"... Unicode characters may be encoded as multiple bytes.



/trunk/include/asterisk/utils.h
<https://reviewboard.asterisk.org/r/1081/#comment6386>

    Actually, all of them are supported; it's just that ast_uri_http_legacy is the only one which does something different.


- Tilghman


On 2011-01-20 12:24:43, Matthew Nicholson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1081/
> -----------------------------------------------------------
> 
> (Updated 2011-01-20 12:24:43)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> According to section 19.1.2 of RFC 3261:
> 
>   For each component, the set of valid BNF expansions defines exactly
>   which characters may appear unescaped.  All other characters MUST be
>   escaped.
> 
> This patch modifies ast_uri_encode() to encode strings in line with this recommendation.  This patch also adds an ast_escape_quoted() function which escapes '"' and '\' characters in quoted strings in accordance with section 25.1 of RFC 3261.  The ast_uri_encode() function has also been modified to take an ast_flags struct describing the set of rules it should use when escaping characters to allow for it to escape SIP URIs in addition to HTTP URIs and other types of URIs or variations of those two URI types in the future.
> 
> The ast_uri_decode() function has also been modified to accept an ast_flags struct describing the set of rules to use when decoding to enable decoding '+' as ' ' in legacy http URLs.
> 
> 
> Diffs
> -----
> 
>   /trunk/channels/chan_sip.c 302507 
>   /trunk/channels/sip/reqresp_parser.c 302507 
>   /trunk/funcs/func_curl.c 302507 
>   /trunk/funcs/func_uri.c 302507 
>   /trunk/include/asterisk/utils.h 302507 
>   /trunk/main/http.c 302507 
>   /trunk/main/utils.c 302507 
>   /trunk/res/res_agi.c 302507 
>   /trunk/res/res_config_curl.c 302507 
>   /trunk/tests/test_utils.c 302507 
> 
> Diff: https://reviewboard.asterisk.org/r/1081/diff
> 
> 
> Testing
> -------
> 
> The existing unit test for ast_uri_encode() has been modified to test the new functionality in addition to testing for a buffer overflow.  The new ast_escape_quoted() function has a similar test.
> 
> 
> Thanks,
> 
> Matthew
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110124/97290b68/attachment-0001.htm>


More information about the asterisk-dev mailing list