From d1294c8ae6dceda82b1b870f8030f7d311752ad4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Fraudeau?= <22529775+jfraudeau@users.noreply.github.com> Date: Wed, 20 Sep 2023 20:02:59 +0200 Subject: [PATCH 1/4] Fix handling of encoded slash in url path --- Web/Scotty/Route.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Web/Scotty/Route.hs b/Web/Scotty/Route.hs index f688b908..17e0d3e5 100644 --- a/Web/Scotty/Route.hs +++ b/Web/Scotty/Route.hs @@ -115,7 +115,7 @@ matchRoute :: RoutePattern -> Request -> Maybe [Param] matchRoute (Literal pat) req | pat == path req = Just [] | otherwise = Nothing matchRoute (Function fun) req = fun req -matchRoute (Capture pat) req = go (T.split (=='/') pat) (compress $ T.split (=='/') $ path req) [] +matchRoute (Capture pat) req = go (T.split (=='/') pat) (compress $ T.fromStrict <$> "":pathInfo req) [] -- add empty segment to simulate being at the root where go [] [] prs = Just prs -- request string and pattern match! go [] r prs | T.null (mconcat r) = Just prs -- in case request has trailing slashes | otherwise = Nothing -- request string is longer than pattern From d701f6b64d5f2b4e5e3f2f470aec601f22be7540 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Fraudeau?= <22529775+jfraudeau@users.noreply.github.com> Date: Sat, 23 Sep 2023 02:51:40 +0200 Subject: [PATCH 2/4] Add test --- test/Web/ScottySpec.hs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/Web/ScottySpec.hs b/test/Web/ScottySpec.hs index 2b47d242..9c5f8a05 100644 --- a/test/Web/ScottySpec.hs +++ b/test/Web/ScottySpec.hs @@ -56,6 +56,10 @@ spec = do it ("properly handles extra slash routes for " ++ method ++ " requests") $ do makeRequest "//scotty" `shouldRespondWith` 200 + withApp (route "/:paramName" $ param "paramName" >>= text) $ do + it ("captures route parameters for " ++ method ++ " requests with url encoded '/' in path") $ do + makeRequest "/a%2Fb" `shouldRespondWith` "a/b" + describe "addroute" $ do forM_ availableMethods $ \method -> do withApp (addroute method "/scotty" $ html "") $ do From f5511ff6a25125f5adb7bde392ef74caa9323ea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Fraudeau?= <22529775+jfraudeau@users.noreply.github.com> Date: Thu, 16 Nov 2023 11:43:04 +0100 Subject: [PATCH 3/4] Fix: remove unnecessary fromStrict --- Web/Scotty/Route.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Web/Scotty/Route.hs b/Web/Scotty/Route.hs index 4f799f77..f140159c 100644 --- a/Web/Scotty/Route.hs +++ b/Web/Scotty/Route.hs @@ -113,7 +113,7 @@ matchRoute :: RoutePattern -> Request -> Maybe [Param] matchRoute (Literal pat) req | pat == path req = Just [] | otherwise = Nothing matchRoute (Function fun) req = fun req -matchRoute (Capture pat) req = go (T.split (=='/') pat) (compress $ T.fromStrict <$> "":pathInfo req) [] -- add empty segment to simulate being at the root +matchRoute (Capture pat) req = go (T.split (=='/') pat) (compress $ "":pathInfo req) [] -- add empty segment to simulate being at the root where go [] [] prs = Just prs -- request string and pattern match! go [] r prs | T.null (mconcat r) = Just prs -- in case request has trailing slashes | otherwise = Nothing -- request string is longer than pattern From f32ffab7ddba7075b594f527d2e572a1119e1924 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Fraudeau?= <22529775+jfraudeau@users.noreply.github.com> Date: Thu, 16 Nov 2023 11:43:25 +0100 Subject: [PATCH 4/4] Fix: replace obsolete use of 'param' --- test/Web/ScottySpec.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Web/ScottySpec.hs b/test/Web/ScottySpec.hs index 660bd562..011a27b4 100644 --- a/test/Web/ScottySpec.hs +++ b/test/Web/ScottySpec.hs @@ -56,7 +56,7 @@ spec = do it ("properly handles extra slash routes for " ++ method ++ " requests") $ do makeRequest "//scotty" `shouldRespondWith` 200 - withApp (route "/:paramName" $ param "paramName" >>= text) $ do + withApp (route "/:paramName" $ captureParam "paramName" >>= text) $ do it ("captures route parameters for " ++ method ++ " requests with url encoded '/' in path") $ do makeRequest "/a%2Fb" `shouldRespondWith` "a/b"