From 1bf5d1a39b974720fd5749534941a3b2693b69e5 Mon Sep 17 00:00:00 2001 From: Daijiro Wachi Date: Wed, 2 Sep 2020 03:23:13 +0900 Subject: [PATCH] querystring: manage percent character at unescape Related: https://github.com/nodejs/node/issues/33892 Fixes: https://github.com/nodejs/node/issues/35012 PR-URL: https://github.com/nodejs/node/pull/35013 Reviewed-By: Joyee Cheung Reviewed-By: Shingo Inoue Reviewed-By: Rich Trott --- lib/querystring.js | 4 ++-- test/parallel/test-querystring.js | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/querystring.js b/lib/querystring.js index 05cca60fc4c57f..4d196633dcf2c7 100644 --- a/lib/querystring.js +++ b/lib/querystring.js @@ -94,13 +94,13 @@ function unescapeBuffer(s, decodeSpaces) { hexHigh = unhexTable[currentChar]; if (!(hexHigh >= 0)) { out[outIndex++] = 37; // '%' + continue; } else { nextChar = s.charCodeAt(++index); hexLow = unhexTable[nextChar]; if (!(hexLow >= 0)) { out[outIndex++] = 37; // '%' - out[outIndex++] = currentChar; - currentChar = nextChar; + index--; } else { hasHex = true; currentChar = hexHigh * 16 + hexLow; diff --git a/test/parallel/test-querystring.js b/test/parallel/test-querystring.js index 7dbd2101dd1a9f..58554f0d85c438 100644 --- a/test/parallel/test-querystring.js +++ b/test/parallel/test-querystring.js @@ -175,7 +175,10 @@ const qsUnescapeTestCases = [ ['there%2Qare%0-fake%escaped values in%%%%this%9Hstring', 'there%2Qare%0-fake%escaped values in%%%%this%9Hstring'], ['%20%21%22%23%24%25%26%27%28%29%2A%2B%2C%2D%2E%2F%30%31%32%33%34%35%36%37', - ' !"#$%&\'()*+,-./01234567'] + ' !"#$%&\'()*+,-./01234567'], + ['%%2a', '%*'], + ['%2sf%2a', '%2sf*'], + ['%2%2af%2a', '%2*f*'] ]; assert.strictEqual(qs.parse('id=918854443121279438895193').id,