Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v24.2.x] CORE-7738: pp/httpd: Remove extra decode on path param get #23547

Merged

Conversation

vbotbuildovich
Copy link
Collaborator

Backport of PR #23529

seastar::http::request::get_path_param performs URL decoding
automatically. When this path was updated to use the new method,
the pre-existing URL decode behavior was left in place.

This is usually not noticeable because decoding an un-encoded
string is a no-op. However, that's not the case if the decoded
string itself contains URL escape sequences.

For example, given the path parameter "foo%252Fbar":
  - decoded once:   "foo%2Fbar"
  - decoded twice:  "foo/bar"

So this commit removes the "extra" decode step from the PP httpd
module and adds a ducktape test to confirm that URL escape sequences
are preserved in a client-provided subject name, the specific case
that led to this fix.

Unfortunately, get_path_param destroys some information such that
distinguishing between an absent parameter and an ill-formed parameter
is no longer possible. So this commit includes a bit of extra logic
for the nominally unlikely case where get_path_param returns an empty
string.

CORE-7738

Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>
(cherry picked from commit bcab3ff)
@vbotbuildovich vbotbuildovich added this to the v24.2.x-next milestone Sep 27, 2024
@vbotbuildovich vbotbuildovich added the kind/backport PRs targeting a stable branch label Sep 27, 2024
@oleiman oleiman self-assigned this Sep 27, 2024
Copy link
Member

@oleiman oleiman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clean backport

@oleiman
Copy link
Member

oleiman commented Sep 28, 2024

CI Failures:

@oleiman oleiman merged commit 879499d into redpanda-data:v24.2.x Sep 28, 2024
19 checks passed
@aanthony-rp aanthony-rp modified the milestones: v24.2.x-next, v24.2.6 Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/redpanda kind/backport PRs targeting a stable branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants