[LRUG] Working with bogus URLs

David Salgado david at digitalronin.com
Tue Oct 11 04:45:20 PDT 2011


Thanks, Erik. That's exactly what I was looking for. This works fine;

    uri = Addressable::URI.parse to_url
    r = Net::HTTP.get_response uri.normalize

I'm updating the gem now.

David


On 11 October 2011 10:40, Erik Eide <erik.eide at gmail.com> wrote:
> Hi David
> Have you tried Addressable, it doesn't seem to blow up on your input:
> ruby-1.9.2-p180 :002 >
> Addressable::URI.parse("http://localhost/icinga-web/web/api/service/filter[AND(SERVICE_NAME%7C=%7CIn%20service;AND(SERVICE_CURRENT_STATE%7C!=%7C0))]/countColumn=SERVICE_ID/authkey=xxxxx/json")
>  => #<Addressable::URI:0x260c140
> URI:http://localhost/icinga-web/web/api/service/filter[AND(SERVICE_NAME%7C=%7CIn%20service;AND(SERVICE_CURRENT_STATE%7C!=%7C0))]/countColumn=SERVICE_ID/authkey=xxxxx/json>
> I think it also has a parse_heuristic method that is trying to figure out
> what invalid URLs should be..
> https://github.com/sporkmonger/addressable
> Regards
> Erik
> On Sat, Oct 8, 2011 at 6:15 PM, David Salgado <david at digitalronin.com>
> wrote:
>>
>> Hi Sean
>>
>> > Sorry if I'm stating the obvious but have you tried escaping the
>> > troublesome path components?
>>
>> Sorry, I should have mentioned that yes, I have tried various
>> combinations of CGI.escape and URI.escape/encode
>>
>> Whenever I get to something that URI.parse will accept, I just get a
>> 404 error from the Icinga server!
>>
>> > P.S. What were they smoking when they devised that scheme? I'd like
>> > some.
>>
>> I have a feeling they're just doing a straight paste of whatever
>> parameters are on the URL into an SQL query ... which isn't dangerous
>> at all, of course.
>>
>> D
>> _______________________________________________
>> Chat mailing list
>> Chat at lists.lrug.org
>> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>



More information about the Chat mailing list