获得一个开放的与单斜线逃脱 [英] Getting a Uri with escaped slashes on mono
问题描述
更新:修复程序现已取得它的方式进入单 。 !这是个好消息
Update: A fix has now made it's way into mono. This is good news!
更新:增加逻辑来修复片段处理
Updated: Added logic to fix fragment handling.
我。试图发送使用Uri类单声道编码的斜杠的请求。这基本上是单声道相当于此问题的:的GETting的URL与URL编码的斜线
I am trying to send a request with an encoded slash on Mono using the Uri class. This is basically the Mono equivalent of this question: GETting a URL with an url-encoded slash
的问题是,单声道类似于.NET将取消转义任何斜杠它在建造时发现的URI。这个逻辑最初放入就位,以除去如果路径被逃避编码并没有检测到可能发生的漏洞。
The issue is that Mono similar to .NET will unescape any slashes it finds in the Uri when it is constructed. This logic was originally put in in place in order to remove vulnerabilities that could occur if paths were escape encoded and not detected.
在以前的帖子有一个黑客表示通过反射迫使独处逃脱的斜杠上设置底层Uri类标志。此问题已被固定在.NET 4.5,默认情况下逃脱的斜线被允许(正如我在评论中提到的)。
In the previous post there is a hack which shows setting flags on the underlying Uri class via reflection which force the escaped slashes to be left alone. This behavior has been fixed in .NET 4.5 and by default the escaped slashes are allowed (as I mentioned in the comments).
我试图做单一样,但作为Uri类的内部是不同的失败。我想出了这个办法达到我想要的东西,它的作品,但它是非常哈克。
I tried to do the same on Mono, but it fails as the internals of the Uri class are different. I came up with this approach to achieve what I want, which works but it is TERRIBLY hacky.
类节目
{
静态无效的主要(字串[] args)
{
变种的uri =新的URI(的 http://www.yahoo.com/%2F?Foo=Bar%2F#frag );
UriHelper.ForceCanonicalPathAndQuery(URI);
Console.WriteLine(uri.ToString() - + uri.ToString());
Console.WriteLine(uri.AbsoluteUri - + uri.AbsoluteUri);
Console.WriteLine(uri.Host - + uri.Host);
Console.WriteLine(uri.Query - + uri.Query);
Console.WriteLine(uri.PathAndQuery - + uri.PathAndQuery);
Console.WriteLine(uri.AbsolutePath - + uri.AbsolutePath);
Console.WriteLine(uri.Fragment - + uri.Fragment);
}
class Program { static void Main(string[] args) { var uri = new Uri("http://www.yahoo.com/%2F?Foo=Bar%2F#frag"); UriHelper.ForceCanonicalPathAndQuery(uri); Console.WriteLine ("uri.ToString() - " + uri.ToString ()); Console.WriteLine ("uri.AbsoluteUri - " + uri.AbsoluteUri); Console.WriteLine ("uri.Host - " + uri.Host); Console.WriteLine ("uri.Query - " + uri.Query); Console.WriteLine ("uri.PathAndQuery - " + uri.PathAndQuery); Console.WriteLine ("uri.AbsolutePath - " + uri.AbsolutePath); Console.WriteLine ("uri.Fragment - " + uri.Fragment); }
public class UriHelper {
private static Type uriType = typeof(Uri);
private static FieldInfo sourceField;
private static FieldInfo queryField;
private static FieldInfo pathField;
private static FieldInfo cachedToStringField;
private static FieldInfo cachedAbsoluteUriField;
static UriHelper ()
{
sourceField = uriType.GetField ("source", BindingFlags.NonPublic | BindingFlags.Instance);
queryField = uriType.GetField ("query", BindingFlags.NonPublic | BindingFlags.Instance);
pathField = uriType.GetField ("path", BindingFlags.NonPublic | BindingFlags.Instance);
cachedToStringField = uriType.GetField ("cachedToString", BindingFlags.NonPublic | BindingFlags.Instance);
cachedAbsoluteUriField = uriType.GetField ("cachedAbsoluteUri", BindingFlags.NonPublic | BindingFlags.Instance);
}
public static void ForceCanonicalPathAndQuery(Uri uri)
{
var source = (string) sourceField.GetValue (uri);
cachedToStringField.SetValue (uri, source);
cachedAbsoluteUriField.SetValue (uri, source);
var fragPos = source.IndexOf ("#");
var queryPos = source.IndexOf ("?");
var start = source.IndexOf (uri.Host) + uri.Host.Length;
var pathEnd = queryPos == -1 ? fragPos : queryPos;
if (pathEnd == -1)
pathEnd = source.Length+1;
var path = queryPos > -1 ? source.Substring (start, pathEnd - start) : source.Substring (start);
pathField.SetValue (uri, path);
queryField.SetValue(uri, fragPos > -1 ? source.Substring(queryPos, fragPos - queryPos) : source.Substring(queryPos));
}
}
}
}
当你运行它,它输出以下内容:
When you run this, it outputs the following:
uri.ToString() - http://www.yahoo.com/%2F?Foo=Bar%2F#frag
uri.AbsoluteUri - http://www.yahoo.com/%2F?Foo=Bar%2F#frag
uri.Host - www.yahoo.com
uri.Query - ?Foo=Bar%2F
uri.PathAndQuery - /%2F?Foo=Bar%2F
uri.AbsolutePath - /%2F
uri.Fragment - #frag
我根本不感觉良好,但没有工作,至少采取URI并发出查询的基本场景。
I don't at all feel good about it, but it does work, at least for the basic scenario of taking a Uri and issuing a query.
我可能会丢失在Uri类的东西,所以如果你有一个更好的/少做哈克的方式什么,我在这里做,我会很感激。
I might be missing something in the Uri class, so if you have a better / less hacky way to do what I am doing here, I'd really appreciate it.
推荐答案
从原来的问题,它看起来像MS.NET的行为改变了.NET 4.5修复的bug。
From the original question, it looks like the behaviour of MS.NET changed in .NET 4.5 to fix the bug.
事实上,那么,这是不遵守的行为变化,单错误.NET 4.5配置文件。而且似乎已经有人修复了这一错误,并提出了要求拉,问题是,没有人在Mono团队似乎已经找到了审查它的时候:的 https://github.com/mono/mono/pull/619
Indeed, then, it is a bug in mono for not following the behaviour change in the .NET 4.5 profile. And it seems someone already fixed the bug and proposed a pull request, the problem is that nobody in the Mono team seems to have found the time to review it: https://github.com/mono/mono/pull/619
这篇关于获得一个开放的与单斜线逃脱的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
