Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid character in internet path. #2758

Open
Aphexus opened this issue Nov 27, 2023 · 6 comments
Open

Invalid character in internet path. #2758

Aphexus opened this issue Nov 27, 2023 · 6 comments

Comments

@Aphexus
Copy link

Aphexus commented Nov 27, 2023
edited

XHRPOST C:/Ebooks/Ashby W.R - An Introduction to Cybernetics [Chapman Hall 1956].pdf

400 - Bad Request
Bad Request
Internal error information:

vibe.core.path.PathValidationException@vibe-core-2.2.0\vibe-core\source\vibe\core\path.d(445): Invalid character in internet path.

This is with all chars escaped(I've tried many things). It seems to be the [ ]'s that are failing(even when they are escaped). Other strings work just fine. If I replace the [ ] with, say, - then it works but, of course that is problematic.

I can't seem to escape this in some arbitrary way either such as using %FE and %FF. I guess I can base64 encode everything.

static string validatePath(string path)
@nogc {
	import std.algorithm.comparison : among;

	// skip UNC prefix
	if (path.startsWith("\\\\")) {
		path = path[2 .. $];
		while (path.length && !isSeparator(path[0])) {
			if (path[0] < 32 || path[0].among('<', '>', '|'))
				return "Invalid character in UNC host name.";
			path = path[1 .. $];
		}
		if (path.length) path = path[1 .. $];
	}

	// stricter validation for the rest
	bool had_sep = false;
	foreach (i, char c; path) {
		if (c < 32 || c.among!('<', '>', '|', '?'))
			return "Invalid character in path.";
		if (isSeparator(c)) had_sep = true;
		else if (c == ':' && (had_sep || i+1 < path.length && !isSeparator(path[i+1])))
			return "Colon in path that is not part of a drive name.";

	}
	return null;
}
@s-ludwig
Copy link
Member

This is parsed successfully for me: "C:/Ebooks/Ashby%20W.R%20-%20An%20Introduction%20to%20Cybernetics%20%5BChapman%20Hall%201956%5D.pdf"

You can construct this as cast(InetPath)NativePath("C:/Ebooks/Ashby W.R - An Introduction to Cybernetics [Chapman Hall 1956].pdf")

@Aphexus
Copy link
Author

Aphexus commented Nov 27, 2023

It is not for me. I'm pretty sure I had that string(don't remember exactly but I did encode the ['s ]'s) and it still failed.

function encodeUriAll(v) {
return v.replace(/[^A-Za-z0-9]/g, c =>
%${c.charCodeAt(0).toString(16).toUpperCase()}
);
}

That is what I used to encode the string which gives

C%3A%2FEbooks%2FAshby%20W%2ER%20%2D%20An%20Introduction%20to%20Cybernetics%20%5BChapman%20Hall%201956%5D%2Epdf

Maybe that is overdoing it?

Anyways, I just went to use base64 encoding and it fixed it all.

@s-ludwig
Copy link
Member

C%3A%2FEbooks%2FAshby%20W%2ER%20%2D%20An%20Introduction%20to%20Cybernetics%20%5BChapman%20Hall%201956%5D%2Epdf

Putting this in InetPath() works for me, too, although that will not result in the same path, because the slashes are encoded and don't act as path separators anymore. Maybe there is some double-decoding going on in your case?

@Aphexus
Copy link
Author

Aphexus commented Nov 28, 2023

C%3A%2FEbooks%2FAshby%20W%2ER%20%2D%20An%20Introduction%20to%20Cybernetics%20%5BChapman%20Hall%201956%5D%2Epdf

Putting this in InetPath() works for me, too, although that will not result in the same path, because the slashes are encoded and don't act as path separators anymore. Maybe there is some double-decoding going on in your case?

It's blocking before it gets to my user code. vibe.d is blocking it before I do anything. On the client side I'm using fetch in javascript. My listener function is never reached so I have zero control over it in my project. This is something to do with either vibe.d for javascript or firefox.

I have tried various ways to escape and not escape before I pass it to fetch. So either fetch is messing with the string or it is vibe.d. When escaped, my understanding is that nothing should convert them. vibe.d decodes the special chars at some point though. It seems it is a bug with vibe.d or d on how it handles brackets.

It seems to treat the path as an actual path rather than just a string.

foreach (i, char c; path) {
	if (c < 32 || c.among!('<', '>', '|', '?'))
		return "Invalid character in path.";

If I'm not mistaken that is the exact error string returned. Now there is no check for ['s ]'s and why it's treating the url as a path I have no idea.

Again, it's only because the url I'm sending to the server has []'s in it. This shouldn't matter but it does. somewhere in vibe.d it seems to be doing something funky. I can't debug because visual.d has bugged out lately and now crashes visual studio when using breakpoints.

@Aphexus
Copy link
Author

Aphexus commented Nov 28, 2023

Ok, so this is the first line in my listener:

decode(req.requestPath.to!string);

I put a BP there but VS crashed and maybe it was crashing there but I couldn't check(because the crash is related to visual.d but I might have assumed it doesn't). I assumed my listener wasn't being called because the stack trace didn't show it but maybe I missed something.

I will try to figure it out later.

@PetarKirov
Copy link
Contributor

@Aphexus can you print req.requestPath.to!string before calling decode on it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@s-ludwig @PetarKirov @Aphexus