huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove cookie name decoding (#24264)

This commit is contained in:
Chris Ross 2020-08-13 10:12:16 -07:00 committed by GitHub
parent 0a0e1ad9cb
commit 3e29d0b708
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
eng/PatchConfig.props
View File

@ -74,6 +74,7 @@ Later on, this will be checked using this condition:
</PropertyGroup>
<PropertyGroup Condition=" '$(VersionPrefix)' == '2.1.22' ">
<PackagesInPatch>
Microsoft.AspNetCore.Http;
</PackagesInPatch>
</PropertyGroup>
</Project>

26
src/Http/Http/src/Internal/RequestCookieCollection.cs
View File

@ -10,6 +10,9 @@ namespace Microsoft.AspNetCore.Http.Internal
{
public class RequestCookieCollection : IRequestCookieCollection
{
private const string EnableCookieNameDecoding = "Microsoft.AspNetCore.Http.EnableCookieNameDecoding";
private bool _enableCookieNameDecoding;
public static readonly RequestCookieCollection Empty = new RequestCookieCollection();
private static readonly string[] EmptyKeys = Array.Empty<string>();
private static readonly Enumerator EmptyEnumerator = new Enumerator();
@ -21,14 +24,15 @@ namespace Microsoft.AspNetCore.Http.Internal
public RequestCookieCollection()
{
_enableCookieNameDecoding = AppContext.TryGetSwitch(EnableCookieNameDecoding, out var enabled) && enabled;
}
public RequestCookieCollection(Dictionary<string, string> store)
public RequestCookieCollection(Dictionary<string, string> store) : this()
{
Store = store;
}
public RequestCookieCollection(int capacity)
public RequestCookieCollection(int capacity) : this()
{
Store = new Dictionary<string, string>(capacity, StringComparer.OrdinalIgnoreCase);
}
@ -57,6 +61,9 @@ namespace Microsoft.AspNetCore.Http.Internal
}
public static RequestCookieCollection Parse(IList<string> values)
=> ParseInternal(values, AppContext.TryGetSwitch(EnableCookieNameDecoding, out var enabled) && enabled);
internal static RequestCookieCollection ParseInternal(IList<string> values, bool enableCookieNameDecoding)
{
if (values.Count == 0)
{
@ -76,7 +83,11 @@ namespace Microsoft.AspNetCore.Http.Internal
for (var i = 0; i < cookies.Count; i++)
{
var cookie = cookies[i];
var name = Uri.UnescapeDataString(cookie.Name.Value);
var name = cookie.Name.Value;
if (enableCookieNameDecoding)
{
name = Uri.UnescapeDataString(name);
}
var value = Uri.UnescapeDataString(cookie.Value.Value);
store[name] = value;
}
@ -116,7 +127,8 @@ namespace Microsoft.AspNetCore.Http.Internal
{
return false;
}
return Store.ContainsKey(key);
return Store.ContainsKey(key)
|| !_enableCookieNameDecoding && Store.ContainsKey(Uri.EscapeDataString(key));
}
public bool TryGetValue(string key, out string value)
@ -126,7 +138,9 @@ namespace Microsoft.AspNetCore.Http.Internal
value = null;
return false;
}
return Store.TryGetValue(key, out value);
return Store.TryGetValue(key, out value)
|| !_enableCookieNameDecoding && Store.TryGetValue(Uri.EscapeDataString(key), out value);
}
/// <summary>
@ -229,4 +243,4 @@ namespace Microsoft.AspNetCore.Http.Internal
}
}
}
}
}

3
src/Http/Http/src/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,3 @@
using System.Runtime.CompilerServices;
[assembly: InternalsVisibleTo("Microsoft.AspNetCore.Http.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]

43
src/Http/Http/test/RequestCookiesCollectionTests.cs
View File

@ -1,6 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using System.Linq;
using Microsoft.AspNetCore.Http.Internal;
using Microsoft.Extensions.Primitives;
@ -10,30 +11,32 @@ namespace Microsoft.AspNetCore.Http.Tests
{
public class RequestCookiesCollectionTests
{
public static TheoryData UnEscapesKeyValues_Data
[Theory]
[InlineData("key=value", "key", "value")]
[InlineData("__secure-key=value", "__secure-key", "value")]
[InlineData("key%2C=%21value", "key,", "!value")]
[InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
[InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
[InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
public void UnEscapesValues(string input, string expectedKey, string expectedValue)
{
get
{
// key, value, expected
return new TheoryData<string, string, string>
{
{ "key=value", "key", "value" },
{ "key%2C=%21value", "key,", "!value" },
{ "ke%23y%2C=val%5Eue", "ke#y,", "val^ue" },
{ "base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==" },
{ "base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==" },
};
}
var cookies = RequestCookieCollection.Parse(new StringValues(input));
Assert.Equal(1, cookies.Count);
Assert.Equal(Uri.EscapeDataString(expectedKey), cookies.Keys.Single());
Assert.Equal(expectedValue, cookies[expectedKey]);
}
[Theory]
[MemberData(nameof(UnEscapesKeyValues_Data))]
public void UnEscapesKeyValues(
string input,
string expectedKey,
string expectedValue)
[InlineData("key=value", "key", "value")]
[InlineData("__secure-key=value", "__secure-key", "value")]
[InlineData("key%2C=%21value", "key,", "!value")]
[InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
[InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
[InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
public void AppContextSwitchUnEscapesKeyValues(string input, string expectedKey, string expectedValue)
{
var cookies = RequestCookieCollection.Parse(new StringValues(input));
var cookies = RequestCookieCollection.ParseInternal(new StringValues(input), enableCookieNameDecoding: true);
Assert.Equal(1, cookies.Count);
Assert.Equal(expectedKey, cookies.Keys.Single());