From: naruse@...
Date: 2016-05-10T10:55:52+00:00
Subject: [ruby-core:75445] [Ruby trunk Bug#12363][Rejected] URI::Generic.build allows invalid input

Issue #12363 has been updated by Yui NARUSE.

Status changed from Open to Rejected

URI::Generic.new has 11th argument named arg_check even though its default is false.

```
irb(main):006:0> uri = URI::Generic.new('http', invalid_userinfo,  invalid_host, 80, nil, '/', nil, nil, nil,nil, true)
URI::InvalidComponentError: bad component(expected user component): pp/pp
        from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:430:in `check_password'
        from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:380:in `check_userinfo'
        from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:445:in `userinfo='
        from /home/naruse/.rbenv/versions/2.3.1/lib/ruby/2.3.0/uri/generic.rb:188:in `initialize'
        from (irb):6:in `new'
        from (irb):6
        from /home/naruse/.rbenv/versions/2.3.1/bin/irb:11:in `<main>'
```

----------------------------------------
Bug #12363: URI::Generic.build allows invalid input
https://bugs.ruby-lang.org/issues/12363#change-58564

* Author: Andrew Vit
* Status: Rejected
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
Reproduce:

~~~
require 'uri'
invalid_host = 'ex_ample.com'
invalid_userinfo = 'uuuu:pp/pp'
uri = URI::Generic.new('http', invalid_userinfo,  invalid_host, 80, nil, '/', nil, nil, nil)
uri.to_s
#=> "http://uuuu:pp/pp@ex_ample.com:80/"

uri.userinfo = uri.userinfo
# raise URI::InvalidComponentError

uri.host = uri.host
# raise URI::InvalidComponentError
~~~

It should be expected that these are already encoded, so invalid characters in URI fields should not be allowed. These should be consistent with writer methods `userinfo=`, `host=`, etc.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>