[LRUG] Working with bogus URLs

Erik Eide erik.eide at gmail.com
Tue Oct 11 02:40:14 PDT 2011


Hi David

Have you tried Addressable, it doesn't seem to blow up on your input:

ruby-1.9.2-p180 :002 > Addressable::URI.parse("
http://localhost/icinga-web/web/api/service/filter[AND(SERVICE_NAME%7C=%7CIn%20service;AND(SERVICE_CURRENT_STATE%7C!=%7C0))]/countColumn=SERVICE_ID/authkey=xxxxx/json
")
 => #<Addressable::URI:0x260c140 URI:
http://localhost/icinga-web/web/api/service/filter[AND(SERVICE_NAME%7C=%7CIn%20service;AND(SERVICE_CURRENT_STATE%7C!=%7C0))]/countColumn=SERVICE_ID/authkey=xxxxx/json
>

I think it also has a parse_heuristic method that is trying to figure out
what invalid URLs should be..

https://github.com/sporkmonger/addressable

Regards
Erik

On Sat, Oct 8, 2011 at 6:15 PM, David Salgado <david at digitalronin.com>wrote:

> Hi Sean
>
> > Sorry if I'm stating the obvious but have you tried escaping the
> > troublesome path components?
>
> Sorry, I should have mentioned that yes, I have tried various
> combinations of CGI.escape and URI.escape/encode
>
> Whenever I get to something that URI.parse will accept, I just get a
> 404 error from the Icinga server!
>
> > P.S. What were they smoking when they devised that scheme? I'd like some.
>
> I have a feeling they're just doing a straight paste of whatever
> parameters are on the URL into an SQL query ... which isn't dangerous
> at all, of course.
>
> D
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20111011/21da727f/attachment-0003.html>


More information about the Chat mailing list