From 29e4937e8f744a288d27afdb874a3f9f8a2e4a7c Mon Sep 17 00:00:00 2001 From: Looly Date: Sun, 28 May 2023 12:11:14 +0800 Subject: [PATCH] fix #I78PB1 --- .../dromara/hutool/core/net/url/RFC3986.java | 16 ++++ .../hutool/core/net/url/UrlBuilder.java | 10 +-- .../dromara/hutool/core/net/url/UrlQuery.java | 81 ++++++++++--------- .../hutool/core/net/url/UrlQueryUtil.java | 2 +- .../hutool/core/net/URLEncoderTest.java | 6 +- .../dromara/hutool/core/net/UrlQueryTest.java | 37 ++++++--- .../http/client/body/UrlEncodedFormBody.java | 2 +- .../dromara/hutool/http/IssueI78PB1Test.java | 38 +++++++++ 8 files changed, 134 insertions(+), 58 deletions(-) create mode 100755 hutool-http/src/test/java/org/dromara/hutool/http/IssueI78PB1Test.java diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/RFC3986.java b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/RFC3986.java index d3e867b64..3f2598065 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/RFC3986.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/RFC3986.java @@ -24,6 +24,7 @@ import org.dromara.hutool.core.codec.PercentCodec; public class RFC3986 { /** + * 通用URI组件分隔符
* gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@" */ public static final PercentCodec GEN_DELIMS = PercentCodec.Builder.of(":/?#[]@").build(); @@ -40,6 +41,7 @@ public class RFC3986 { public static final PercentCodec RESERVED = PercentCodec.Builder.of(GEN_DELIMS).or(SUB_DELIMS).build(); /** + * 非保留字符,即URI中不作为分隔符使用的字符
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
* see: https://www.ietf.org/rfc/rfc3986.html#section-2.3 */ @@ -81,12 +83,26 @@ public class RFC3986 { */ public static final PercentCodec QUERY_PARAM_VALUE = PercentCodec.Builder.of(QUERY).removeSafe('&').build(); + /** + * query中的value编码器,严格模式,value中不能包含任何分隔符。 + * + * @since 6.0.0 + */ + public static final PercentCodec QUERY_PARAM_VALUE_STRICT = UNRESERVED; + /** * query中的key
* key不能包含"{@code &}" 和 "=" */ public static final PercentCodec QUERY_PARAM_NAME = PercentCodec.Builder.of(QUERY_PARAM_VALUE).removeSafe('=').build(); + /** + * query中的key编码器,严格模式,key中不能包含任何分隔符。 + * + * @since 6.0.0 + */ + public static final PercentCodec QUERY_PARAM_NAME_STRICT = UNRESERVED; + /** * unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" * diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlBuilder.java b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlBuilder.java index f2c41d133..3dced8274 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlBuilder.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlBuilder.java @@ -121,7 +121,7 @@ public final class UrlBuilder implements Builder { httpUrl = StrUtil.trimPrefix(httpUrl); // issue#I66CIR - if(!StrUtil.startWithAnyIgnoreCase(httpUrl, "http://", "https://")){ + if (!StrUtil.startWithAnyIgnoreCase(httpUrl, "http://", "https://")) { httpUrl = "http://" + httpUrl; } @@ -175,8 +175,8 @@ public final class UrlBuilder implements Builder { */ public static UrlBuilder of(final String scheme, final String host, final int port, final String path, final String query, final String fragment, final Charset charset) { return of(scheme, host, port, - UrlPath.of(path, charset), - UrlQuery.of(query, charset, false), fragment, charset); + UrlPath.of(path, charset), + UrlQuery.of(query, charset, false), fragment, charset); } /** @@ -434,7 +434,7 @@ public final class UrlBuilder implements Builder { } /** - * 添加查询项,支持重复键 + * 添加查询项,支持重复键,默认非严格模式 * * @param key 键 * @param value 值 @@ -446,7 +446,7 @@ public final class UrlBuilder implements Builder { } if (this.query == null) { - this.query = new UrlQuery(); + this.query = UrlQuery.of(); } this.query.add(key, value); return this; diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQuery.java b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQuery.java index b139148e0..de3be8ec2 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQuery.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQuery.java @@ -42,6 +42,31 @@ public class UrlQuery { * 是否为x-www-form-urlencoded模式,此模式下空格会编码为'+' */ private final boolean isFormUrlEncoded; + /** + * 是否严格模式,严格模式下,query的name和value中均不允许有分隔符。 + */ + private final boolean isStrict; + + // region ----- of + /** + * 构建UrlQuery + * + * @return UrlQuery + */ + public static UrlQuery of() { + return of(false, false); + } + + /** + * 构建UrlQuery + * + * @param isFormUrlEncoded 是否为x-www-form-urlencoded模式,此模式下空格会编码为'+' + * @param isStrict 是否严格模式,严格模式下,query的name和value中均不允许有分隔符。 + * @return UrlQuery + */ + public static UrlQuery of(final boolean isFormUrlEncoded, final boolean isStrict) { + return new UrlQuery(null, isFormUrlEncoded, isStrict); + } /** * 构建UrlQuery @@ -50,7 +75,7 @@ public class UrlQuery { * @return UrlQuery */ public static UrlQuery of(final Map queryMap) { - return new UrlQuery(queryMap); + return of(queryMap, false, false); } /** @@ -58,10 +83,11 @@ public class UrlQuery { * * @param queryMap 初始化的查询键值对 * @param isFormUrlEncoded 是否为x-www-form-urlencoded模式,此模式下空格会编码为'+' + * @param isStrict 是否严格模式,严格模式下,query的name和value中均不允许有分隔符。 * @return UrlQuery */ - public static UrlQuery of(final Map queryMap, final boolean isFormUrlEncoded) { - return new UrlQuery(queryMap, isFormUrlEncoded); + public static UrlQuery of(final Map queryMap, final boolean isFormUrlEncoded, final boolean isStrict) { + return new UrlQuery(queryMap, isFormUrlEncoded, isStrict); } /** @@ -85,7 +111,7 @@ public class UrlQuery { * @since 5.5.8 */ public static UrlQuery of(final String queryStr, final Charset charset, final boolean autoRemovePath) { - return of(queryStr, charset, autoRemovePath, false); + return of(queryStr, charset, autoRemovePath, false, false); } /** @@ -95,47 +121,24 @@ public class UrlQuery { * @param charset decode用的编码,null表示不做decode * @param autoRemovePath 是否自动去除path部分,{@code true}则自动去除第一个?前的内容 * @param isFormUrlEncoded 是否为x-www-form-urlencoded模式,此模式下空格会编码为'+' + * @param isStrict 是否严格模式,严格模式下,query的name和value中均不允许有分隔符。 * @return UrlQuery * @since 5.7.16 */ - public static UrlQuery of(final String queryStr, final Charset charset, final boolean autoRemovePath, final boolean isFormUrlEncoded) { - return new UrlQuery(isFormUrlEncoded).parse(queryStr, charset, autoRemovePath); - } - - /** - * 构造 - */ - public UrlQuery() { - this(null); - } - - /** - * 构造 - * - * @param isFormUrlEncoded 是否为x-www-form-urlencoded模式,此模式下空格会编码为'+' - * @since 5.7.16 - */ - public UrlQuery(final boolean isFormUrlEncoded) { - this(null, isFormUrlEncoded); - } - - /** - * 构造 - * - * @param queryMap 初始化的查询键值对 - */ - public UrlQuery(final Map queryMap) { - this(queryMap, false); + public static UrlQuery of(final String queryStr, final Charset charset, final boolean autoRemovePath + , final boolean isFormUrlEncoded, final boolean isStrict) { + return new UrlQuery(null, isFormUrlEncoded, isStrict).parse(queryStr, charset, autoRemovePath); } + // endregion /** * 构造 * * @param queryMap 初始化的查询键值对 * @param isFormUrlEncoded 是否为x-www-form-urlencoded模式,此模式下空格会编码为'+' - * @since 5.7.16 + * @param isStrict 是否严格模式,严格模式下,query的name和value中均不允许有分隔符。 */ - public UrlQuery(final Map queryMap, final boolean isFormUrlEncoded) { + public UrlQuery(final Map queryMap, final boolean isFormUrlEncoded, final boolean isStrict) { if (MapUtil.isNotEmpty(queryMap)) { query = new TableMap<>(queryMap.size()); addAll(queryMap); @@ -143,6 +146,7 @@ public class UrlQuery { query = new TableMap<>(MapUtil.DEFAULT_INITIAL_CAPACITY); } this.isFormUrlEncoded = isFormUrlEncoded; + this.isStrict = isStrict; } /** @@ -263,6 +267,9 @@ public class UrlQuery { return build(FormUrlencoded.ALL, FormUrlencoded.ALL, charset, encodePercent); } + if(isStrict){ + return build(RFC3986.QUERY_PARAM_NAME_STRICT, RFC3986.QUERY_PARAM_VALUE_STRICT, charset, encodePercent); + } return build(RFC3986.QUERY_PARAM_NAME, RFC3986.QUERY_PARAM_VALUE, charset, encodePercent); } @@ -274,9 +281,9 @@ public class UrlQuery { *
  • 如果value为{@code null},只保留key,如key1对应value为{@code null}生成类似于{@code key1&key2=v2}形式
    • * * - * @param keyCoder 键值对中键的编码器 - * @param valueCoder 键值对中值的编码器 - * @param charset encode编码,null表示不做encode编码 + * @param keyCoder 键值对中键的编码器 + * @param valueCoder 键值对中值的编码器 + * @param charset encode编码,null表示不做encode编码 * @return URL查询字符串 * @since 5.7.16 */ diff --git a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQueryUtil.java b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQueryUtil.java index 150facde3..fa517dc38 100644 --- a/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQueryUtil.java +++ b/hutool-core/src/main/java/org/dromara/hutool/core/net/url/UrlQueryUtil.java @@ -77,7 +77,7 @@ public class UrlQueryUtil { * @since 5.7.16 */ public static String toQuery(final Map paramMap, final Charset charset, final boolean isFormUrlEncoded) { - return UrlQuery.of(paramMap, isFormUrlEncoded).build(charset); + return UrlQuery.of(paramMap, isFormUrlEncoded, false).build(charset); } /** diff --git a/hutool-core/src/test/java/org/dromara/hutool/core/net/URLEncoderTest.java b/hutool-core/src/test/java/org/dromara/hutool/core/net/URLEncoderTest.java index 47165ad70..ed3dfab2e 100644 --- a/hutool-core/src/test/java/org/dromara/hutool/core/net/URLEncoderTest.java +++ b/hutool-core/src/test/java/org/dromara/hutool/core/net/URLEncoderTest.java @@ -1,11 +1,15 @@ package org.dromara.hutool.core.net; +import org.dromara.hutool.core.lang.Console; import org.dromara.hutool.core.net.url.URLDecoder; import org.dromara.hutool.core.net.url.URLEncoder; +import org.dromara.hutool.core.net.url.UrlQuery; +import org.dromara.hutool.core.util.CharsetUtil; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; public class URLEncoderTest { + @Test void encodeTest() { final String body = "366466 - 副本.jpg"; @@ -25,7 +29,7 @@ public class URLEncoderTest { } @Test - void encodeEmojiTest(){ + void encodeEmojiTest() { final String emoji = "🐶😊😂🤣"; final String encode = URLEncoder.encodeAll(emoji); Assertions.assertEquals("%F0%9F%90%B6%F0%9F%98%8A%F0%9F%98%82%F0%9F%A4%A3", encode); diff --git a/hutool-core/src/test/java/org/dromara/hutool/core/net/UrlQueryTest.java b/hutool-core/src/test/java/org/dromara/hutool/core/net/UrlQueryTest.java index e29661194..c3954a61c 100644 --- a/hutool-core/src/test/java/org/dromara/hutool/core/net/UrlQueryTest.java +++ b/hutool-core/src/test/java/org/dromara/hutool/core/net/UrlQueryTest.java @@ -17,16 +17,16 @@ import java.util.TreeMap; public class UrlQueryTest { @Test - public void parseTest(){ + public void parseTest() { final String queryStr = "a=1&b=111=="; - final UrlQuery q = new UrlQuery(); + final UrlQuery q = UrlQuery.of(); final UrlQuery parse = q.parse(queryStr, Charset.defaultCharset()); Assertions.assertEquals("111==", parse.get("b")); Assertions.assertEquals("a=1&b=111==", parse.toString()); } @Test - public void ofHttpWithoutEncodeTest(){ + public void ofHttpWithoutEncodeTest() { // charset为null表示不做编码 final String url = "https://img-cloud.voc.com.cn/140/2020/09/03/c3d41b93e0d32138574af8e8b50928b376ca5ba61599127028157.png?imageMogr2/auto-orient/thumbnail/500&pid=259848"; final UrlBuilder urlBuilder = UrlBuilder.ofHttpWithoutEncode(url); @@ -35,15 +35,15 @@ public class UrlQueryTest { } @Test - public void parseTest2(){ + public void parseTest2() { final String requestUrl = "http://192.168.1.1:8080/pc?=d52i5837i4ed=o39-ap9e19s5--=72e54*ll0lodl-f338868d2"; - final UrlQuery q = new UrlQuery(); + final UrlQuery q = UrlQuery.of(); final UrlQuery parse = q.parse(requestUrl, Charset.defaultCharset()); Assertions.assertEquals("=d52i5837i4ed=o39-ap9e19s5--=72e54*ll0lodl-f338868d2", parse.toString()); } @Test - public void parseTest3(){ + public void parseTest3() { // issue#1688@Github final String u = "https://www.baidu.com/proxy"; final UrlQuery query = UrlQuery.of(URLUtil.url(u).getQuery(), Charset.defaultCharset()); @@ -51,7 +51,7 @@ public class UrlQueryTest { } @Test - public void parseTest4(){ + public void parseTest4() { // https://github.com/dromara/hutool/issues/1989 final String queryStr = "imageMogr2/thumbnail/x800/format/jpg"; final UrlQuery query = UrlQuery.of(queryStr, CharsetUtil.UTF_8); @@ -110,38 +110,49 @@ public class UrlQueryTest { } @Test - public void plusTest(){ + public void plusTest() { // 根据RFC3986,在URL中,+是安全字符,即此符号不转义 final String a = UrlQuery.of(MapUtil.of("a+b", "1+2")).build(CharsetUtil.UTF_8); Assertions.assertEquals("a+b=1+2", a); } @Test - public void parsePlusTest(){ + public void parsePlusTest() { // 根据RFC3986,在URL中,+是安全字符,即此符号不转义 final String a = UrlQuery.of("a+b=1+2", CharsetUtil.UTF_8) - .build(CharsetUtil.UTF_8); + .build(CharsetUtil.UTF_8); Assertions.assertEquals("a+b=1+2", a); } @Test - public void spaceTest(){ + public void spaceTest() { // 根据RFC3986,在URL中,空格编码为"%20" final String a = UrlQuery.of(MapUtil.of("a ", " ")).build(CharsetUtil.UTF_8); Assertions.assertEquals("a%20=%20", a); } @Test - public void parsePercentTest(){ + public void parsePercentTest() { final String queryStr = "a%2B=ccc"; final UrlQuery query = UrlQuery.of(queryStr, null); Assertions.assertEquals(queryStr, query.toString()); } @Test - public void parsePercentTest2(){ + public void parsePercentTest2() { final String queryStr = "signature=%2Br1ekUCGjXiu50Y%2Bk0MO4ovulK8%3D"; final UrlQuery query = UrlQuery.of(queryStr, null); Assertions.assertEquals(queryStr, query.toString()); } + + @Test + void issueI78PB1Test() { + // 严格模式 + final UrlQuery query = UrlQuery.of(false, true); + query.add(":/?#[]@!$&'()*+,;= ", ":/?#[]@!$&'()*+,;= "); + + final String string = query.build(CharsetUtil.UTF_8); + Assertions.assertEquals("%3A%2F%3F%23%5B%5D%40%21%24%26%27%28%29%2A%2B%2C%3B%3D%20=" + + "%3A%2F%3F%23%5B%5D%40%21%24%26%27%28%29%2A%2B%2C%3B%3D%20", string); + } } diff --git a/hutool-http/src/main/java/org/dromara/hutool/http/client/body/UrlEncodedFormBody.java b/hutool-http/src/main/java/org/dromara/hutool/http/client/body/UrlEncodedFormBody.java index 1846af1f2..1e1eea1d9 100644 --- a/hutool-http/src/main/java/org/dromara/hutool/http/client/body/UrlEncodedFormBody.java +++ b/hutool-http/src/main/java/org/dromara/hutool/http/client/body/UrlEncodedFormBody.java @@ -52,7 +52,7 @@ public class UrlEncodedFormBody extends FormBody { @Override public void write(final OutputStream out) { - final byte[] bytes = ByteUtil.toBytes(UrlQuery.of(form, true).build(charset), charset); + final byte[] bytes = ByteUtil.toBytes(UrlQuery.of(form, true, false).build(charset), charset); IoUtil.write(out, false, bytes); } diff --git a/hutool-http/src/test/java/org/dromara/hutool/http/IssueI78PB1Test.java b/hutool-http/src/test/java/org/dromara/hutool/http/IssueI78PB1Test.java new file mode 100755 index 000000000..e2725a424 --- /dev/null +++ b/hutool-http/src/test/java/org/dromara/hutool/http/IssueI78PB1Test.java @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2023 looly(loolly@aliyun.com) + * Hutool is licensed under Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, + * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, + * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +package org.dromara.hutool.http; + +import org.apache.hc.core5.net.URIBuilder; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +import java.net.URISyntaxException; + +public class IssueI78PB1Test { + + /** + * 参考HttpClient对RFC396规范的理解,query中对于分隔符作为内容时,理应编码。 + * + * @throws URISyntaxException 异常 + */ + @Test + void uriBuilderTest() throws URISyntaxException { + final URIBuilder ub = new URIBuilder("https://hutool.cn"); + ub.setPath("/ /"); + ub.addParameter(":/?#[]@!$&'()*+,;= ", ":/?#[]@!$&'()*+,;= "); + final String url = ub.toString(); + Assertions.assertEquals("https://hutool.cn/%20/?" + + "%3A%2F%3F%23%5B%5D%40%21%24%26%27%28%29%2A%2B%2C%3B%3D%20=" + + "%3A%2F%3F%23%5B%5D%40%21%24%26%27%28%29%2A%2B%2C%3B%3D%20", url); + } +}