huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove cookie name decoding (#24264)

This commit is contained in:
Chris Ross 2020-08-13 10:12:16 -07:00 committed by GitHub
parent 0a0e1ad9cb
commit 3e29d0b708
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
eng/PatchConfig.props
View File

@ -74,6 +74,7 @@ Later on, this will be checked using this condition:
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition=" '$(VersionPrefix)' == '2.1.22' "> <PropertyGroup Condition=" '$(VersionPrefix)' == '2.1.22' ">
<PackagesInPatch> <PackagesInPatch>
Microsoft.AspNetCore.Http;
</PackagesInPatch> </PackagesInPatch>
</PropertyGroup> </PropertyGroup>
</Project> </Project>

26
src/Http/Http/src/Internal/RequestCookieCollection.cs
View File

@ -10,6 +10,9 @@ namespace Microsoft.AspNetCore.Http.Internal
{ {
public class RequestCookieCollection : IRequestCookieCollection public class RequestCookieCollection : IRequestCookieCollection
{ {
private const string EnableCookieNameDecoding = "Microsoft.AspNetCore.Http.EnableCookieNameDecoding";
private bool _enableCookieNameDecoding;
public static readonly RequestCookieCollection Empty = new RequestCookieCollection(); public static readonly RequestCookieCollection Empty = new RequestCookieCollection();
private static readonly string[] EmptyKeys = Array.Empty<string>(); private static readonly string[] EmptyKeys = Array.Empty<string>();
private static readonly Enumerator EmptyEnumerator = new Enumerator(); private static readonly Enumerator EmptyEnumerator = new Enumerator();
@ -21,14 +24,15 @@ namespace Microsoft.AspNetCore.Http.Internal
public RequestCookieCollection() public RequestCookieCollection()
{ {
_enableCookieNameDecoding = AppContext.TryGetSwitch(EnableCookieNameDecoding, out var enabled) && enabled;
} }
public RequestCookieCollection(Dictionary<string, string> store) public RequestCookieCollection(Dictionary<string, string> store) : this()
{ {
Store = store; Store = store;
} }
public RequestCookieCollection(int capacity) public RequestCookieCollection(int capacity) : this()
{ {
Store = new Dictionary<string, string>(capacity, StringComparer.OrdinalIgnoreCase); Store = new Dictionary<string, string>(capacity, StringComparer.OrdinalIgnoreCase);
} }
@ -57,6 +61,9 @@ namespace Microsoft.AspNetCore.Http.Internal
} }
public static RequestCookieCollection Parse(IList<string> values) public static RequestCookieCollection Parse(IList<string> values)
=> ParseInternal(values, AppContext.TryGetSwitch(EnableCookieNameDecoding, out var enabled) && enabled);
internal static RequestCookieCollection ParseInternal(IList<string> values, bool enableCookieNameDecoding)
{ {
if (values.Count == 0) if (values.Count == 0)
{ {
@ -76,7 +83,11 @@ namespace Microsoft.AspNetCore.Http.Internal
for (var i = 0; i < cookies.Count; i++) for (var i = 0; i < cookies.Count; i++)
{ {
var cookie = cookies[i]; var cookie = cookies[i];
var name = Uri.UnescapeDataString(cookie.Name.Value); var name = cookie.Name.Value;
if (enableCookieNameDecoding)
{
name = Uri.UnescapeDataString(name);
}
var value = Uri.UnescapeDataString(cookie.Value.Value); var value = Uri.UnescapeDataString(cookie.Value.Value);
store[name] = value; store[name] = value;
} }
@ -116,7 +127,8 @@ namespace Microsoft.AspNetCore.Http.Internal
{ {
return false; return false;
} }
return Store.ContainsKey(key); return Store.ContainsKey(key)
|| !_enableCookieNameDecoding && Store.ContainsKey(Uri.EscapeDataString(key));
} }
public bool TryGetValue(string key, out string value) public bool TryGetValue(string key, out string value)
@ -126,7 +138,9 @@ namespace Microsoft.AspNetCore.Http.Internal
value = null; value = null;
return false; return false;
} }
return Store.TryGetValue(key, out value);
return Store.TryGetValue(key, out value)
|| !_enableCookieNameDecoding && Store.TryGetValue(Uri.EscapeDataString(key), out value);
} }
/// <summary> /// <summary>
@ -229,4 +243,4 @@ namespace Microsoft.AspNetCore.Http.Internal
} }
} }
} }
} }

3
src/Http/Http/src/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,3 @@
using System.Runtime.CompilerServices;
[assembly: InternalsVisibleTo("Microsoft.AspNetCore.Http.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]

43
src/Http/Http/test/RequestCookiesCollectionTests.cs
View File

@ -1,6 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved. // Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using System.Linq; using System.Linq;
using Microsoft.AspNetCore.Http.Internal; using Microsoft.AspNetCore.Http.Internal;
using Microsoft.Extensions.Primitives; using Microsoft.Extensions.Primitives;
@ -10,30 +11,32 @@ namespace Microsoft.AspNetCore.Http.Tests
{ {
public class RequestCookiesCollectionTests public class RequestCookiesCollectionTests
{ {
public static TheoryData UnEscapesKeyValues_Data [Theory]
[InlineData("key=value", "key", "value")]
[InlineData("__secure-key=value", "__secure-key", "value")]
[InlineData("key%2C=%21value", "key,", "!value")]
[InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
[InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
[InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
public void UnEscapesValues(string input, string expectedKey, string expectedValue)
{ {
get var cookies = RequestCookieCollection.Parse(new StringValues(input));
{
// key, value, expected Assert.Equal(1, cookies.Count);
return new TheoryData<string, string, string> Assert.Equal(Uri.EscapeDataString(expectedKey), cookies.Keys.Single());
{ Assert.Equal(expectedValue, cookies[expectedKey]);
{ "key=value", "key", "value" },
{ "key%2C=%21value", "key,", "!value" },
{ "ke%23y%2C=val%5Eue", "ke#y,", "val^ue" },
{ "base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==" },
{ "base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==" },
};
}
} }
[Theory] [Theory]
[MemberData(nameof(UnEscapesKeyValues_Data))] [InlineData("key=value", "key", "value")]
public void UnEscapesKeyValues( [InlineData("__secure-key=value", "__secure-key", "value")]
string input, [InlineData("key%2C=%21value", "key,", "!value")]
string expectedKey, [InlineData("ke%23y%2C=val%5Eue", "ke#y,", "val^ue")]
string expectedValue) [InlineData("base64=QUI%2BREU%2FRw%3D%3D", "base64", "QUI+REU/Rw==")]
[InlineData("base64=QUI+REU/Rw==", "base64", "QUI+REU/Rw==")]
public void AppContextSwitchUnEscapesKeyValues(string input, string expectedKey, string expectedValue)
{ {
var cookies = RequestCookieCollection.Parse(new StringValues(input)); var cookies = RequestCookieCollection.ParseInternal(new StringValues(input), enableCookieNameDecoding: true);
Assert.Equal(1, cookies.Count); Assert.Equal(1, cookies.Count);
Assert.Equal(expectedKey, cookies.Keys.Single()); Assert.Equal(expectedKey, cookies.Keys.Single());