Merge pull request #5990 from BaronGreenback/UrlDecoding
This commit is contained in:
Claus Vium
GitHub
commit
93387ba235
|
|
@ -78,6 +78,16 @@ namespace Jellyfin.Server.Extensions
|
|||
return appBuilder.UseMiddleware<LanFilteringMiddleware>();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Enables url decoding before binding to the application pipeline.
|
||||
/// </summary>
|
||||
/// <param name="appBuilder">The <see cref="IApplicationBuilder"/>.</param>
|
||||
/// <returns>The updated application builder.</returns>
|
||||
public static IApplicationBuilder UseQueryStringDecoding(this IApplicationBuilder appBuilder)
|
||||
{
|
||||
return appBuilder.UseMiddleware<QueryStringDecodingMiddleware>();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Adds base url redirection to the application pipeline.
|
||||
/// </summary>
|
||||
|
|
|
|||
35
Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs
Normal file
35
Jellyfin.Server/Middleware/QueryStringDecodingMiddleware.cs
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Http.Features;
|
||||
|
||||
namespace Jellyfin.Server.Middleware
|
||||
{
|
||||
/// <summary>
|
||||
/// URL decodes the querystring before binding.
|
||||
/// </summary>
|
||||
public class QueryStringDecodingMiddleware
|
||||
{
|
||||
private readonly RequestDelegate _next;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="QueryStringDecodingMiddleware"/> class.
|
||||
/// </summary>
|
||||
/// <param name="next">The next delegate in the pipeline.</param>
|
||||
public QueryStringDecodingMiddleware(RequestDelegate next)
|
||||
{
|
||||
_next = next;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Executes the middleware action.
|
||||
/// </summary>
|
||||
/// <param name="httpContext">The current HTTP context.</param>
|
||||
/// <returns>The async task.</returns>
|
||||
public async Task Invoke(HttpContext httpContext)
|
||||
{
|
||||
httpContext.Features.Set<IQueryFeature>(new UrlDecodeQueryFeature(httpContext.Features.Get<IQueryFeature>()));
|
||||
|
||||
await _next(httpContext).ConfigureAwait(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
86
Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs
Normal file
86
Jellyfin.Server/Middleware/UrlDecodeQueryFeature.cs
Normal file
|
|
@ -0,0 +1,86 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Web;
|
||||
using MediaBrowser.Common.Extensions;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Http.Features;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
|
||||
namespace Jellyfin.Server.Middleware
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the <see cref="UrlDecodeQueryFeature"/>.
|
||||
/// </summary>
|
||||
public class UrlDecodeQueryFeature : IQueryFeature
|
||||
{
|
||||
private IQueryCollection? _store;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="UrlDecodeQueryFeature"/> class.
|
||||
/// </summary>
|
||||
/// <param name="feature">The <see cref="IQueryFeature"/> instance.</param>
|
||||
public UrlDecodeQueryFeature(IQueryFeature feature)
|
||||
{
|
||||
Query = feature.Query;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a value indicating the url decoded <see cref="IQueryCollection"/>.
|
||||
/// </summary>
|
||||
public IQueryCollection Query
|
||||
{
|
||||
get
|
||||
{
|
||||
return _store ?? QueryCollection.Empty;
|
||||
}
|
||||
|
||||
set
|
||||
{
|
||||
// Only interested in where the querystring is encoded which shows up as one key with nothing in the value.
|
||||
if (value.Count != 1)
|
||||
{
|
||||
_store = value;
|
||||
return;
|
||||
}
|
||||
|
||||
// Encoded querystrings have no value, so don't process anything if a value is present.
|
||||
var (key, stringValues) = value.First();
|
||||
if (!string.IsNullOrEmpty(stringValues))
|
||||
{
|
||||
_store = value;
|
||||
return;
|
||||
}
|
||||
|
||||
// Unencode and re-parse querystring.
|
||||
var unencodedKey = HttpUtility.UrlDecode(key);
|
||||
|
||||
if (string.Equals(unencodedKey, key, System.StringComparison.Ordinal))
|
||||
{
|
||||
// Don't do anything if it's not encoded.
|
||||
_store = value;
|
||||
return;
|
||||
}
|
||||
|
||||
var pairs = new Dictionary<string, StringValues>();
|
||||
var queryString = unencodedKey.SpanSplit('&');
|
||||
|
||||
foreach (var pair in queryString)
|
||||
{
|
||||
var i = pair.IndexOf('=');
|
||||
|
||||
if (i == -1)
|
||||
{
|
||||
// encoded is an equals.
|
||||
pairs.Add(pair[..i].ToString(), StringValues.Empty);
|
||||
continue;
|
||||
}
|
||||
|
||||
pairs.Add(pair[..i].ToString(), new StringValues(pair[(i + 1)..].ToString()));
|
||||
}
|
||||
|
||||
_store = new QueryCollection(pairs);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -160,6 +160,7 @@ namespace Jellyfin.Server
|
|||
|
||||
mainApp.UseAuthentication();
|
||||
mainApp.UseJellyfinApiSwagger(_serverConfigurationManager);
|
||||
mainApp.UseQueryStringDecoding();
|
||||
mainApp.UseRouting();
|
||||
mainApp.UseAuthorization();
|
||||
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@
|
|||
<ItemGroup>
|
||||
<ProjectReference Include="..\..\Emby.Server.Implementations\Emby.Server.Implementations.csproj" />
|
||||
<ProjectReference Include="..\..\Jellyfin.Server.Implementations\Jellyfin.Server.Implementations.csproj" />
|
||||
<ProjectReference Include="..\Jellyfin.Server.Integration.Tests\Jellyfin.Server.Integration.Tests.csproj" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Jellyfin.Api.Controllers
|
||||
{
|
||||
/// <summary>
|
||||
/// Controller for testing the encoded url.
|
||||
/// </summary>
|
||||
public class EncoderController : BaseJellyfinApiController
|
||||
{
|
||||
/// <summary>
|
||||
/// Tests the url decoding.
|
||||
/// </summary>
|
||||
/// <param name="params">Parameters to echo back in the response.</param>
|
||||
/// <returns>An <see cref="OkResult"/>.</returns>
|
||||
/// <response code="200">Information retrieved.</response>
|
||||
[HttpGet("UrlDecode")]
|
||||
[ProducesResponseType(StatusCodes.Status200OK)]
|
||||
public ContentResult TestUrlDecoding([FromQuery] Dictionary<string, string>? @params = null)
|
||||
{
|
||||
return new ContentResult()
|
||||
{
|
||||
Content = (@params != null && @params.Count > 0)
|
||||
? string.Join("&", @params.Select(x => x.Key + "=" + x.Value))
|
||||
: string.Empty,
|
||||
ContentType = "text/plain; charset=utf-8",
|
||||
StatusCode = 200
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
using System.Net;
|
||||
using System.Threading.Tasks;
|
||||
using Xunit;
|
||||
|
||||
namespace Jellyfin.Server.Integration.Tests
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the test for encoded querystrings in the url.
|
||||
/// </summary>
|
||||
public class EncodedQueryStringTest : IClassFixture<JellyfinApplicationFactory>
|
||||
{
|
||||
private readonly JellyfinApplicationFactory _factory;
|
||||
|
||||
public EncodedQueryStringTest(JellyfinApplicationFactory factory)
|
||||
{
|
||||
_factory = factory;
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData("a=1&b=2&c=3", "a=1&b=2&c=3")] // won't be processed as there is more than 1.
|
||||
[InlineData("a=1", "a=1")] // won't be processed as it has a value
|
||||
[InlineData("a%3D1%26b%3D2%26c%3D3", "a=1&b=2&c=3")] // will be processed.
|
||||
public async Task Ensure_Decoding_Of_Urls_Is_Working(string sourceUrl, string unencodedUrl)
|
||||
{
|
||||
var client = _factory.CreateClient();
|
||||
|
||||
var response = await client.GetAsync("Encoder/UrlDecode?" + sourceUrl).ConfigureAwait(false);
|
||||
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
||||
string reply = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
|
||||
Assert.Equal(unencodedUrl, reply);
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user