diff options
author | Katie Hockman <katie@golang.org> | 2021-06-07 14:29:43 -0400 |
---|---|---|
committer | Katie Hockman <katie@golang.org> | 2021-06-09 15:44:42 +0000 |
commit | e6dda19888180c5159460486d30c0412e4980748 (patch) | |
tree | 27aec65d554d26ee8ac78c5a5b3904dcbe1737db /src/net/http/request.go | |
parent | 139e935d3cc8d38c9adc7ff7de8a87c28fe339c6 (diff) | |
download | go-e6dda19888180c5159460486d30c0412e4980748.tar.gz go-e6dda19888180c5159460486d30c0412e4980748.zip |
net/url: reject query values with semicolons
Semicolons are no longer valid separators, so
net/url.ParseQuery will now return an error
if any part of the query contains a semicolon.
net/http.(*Request).ParseMultipartForm has been
changed to fall through and continue parsing
even if the call to (*Request).ParseForm fails.
This change also includes a few minor refactors
to existing tests.
Fixes #25192
Change-Id: Iba3f108950fb99b9288e402c41fe71ca3a2ababd
Reviewed-on: https://go-review.googlesource.com/c/go/+/325697
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'src/net/http/request.go')
-rw-r--r-- | src/net/http/request.go | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/net/http/request.go b/src/net/http/request.go index 7895417af5..09cb0c7f56 100644 --- a/src/net/http/request.go +++ b/src/net/http/request.go @@ -1293,16 +1293,18 @@ func (r *Request) ParseForm() error { // its file parts are stored in memory, with the remainder stored on // disk in temporary files. // ParseMultipartForm calls ParseForm if necessary. +// If ParseForm returns an error, ParseMultipartForm returns it but also +// continues parsing the request body. // After one call to ParseMultipartForm, subsequent calls have no effect. func (r *Request) ParseMultipartForm(maxMemory int64) error { if r.MultipartForm == multipartByReader { return errors.New("http: multipart handled by MultipartReader") } + var parseFormErr error if r.Form == nil { - err := r.ParseForm() - if err != nil { - return err - } + // Let errors in ParseForm fall through, and just + // return it at the end. + parseFormErr = r.ParseForm() } if r.MultipartForm != nil { return nil @@ -1329,7 +1331,7 @@ func (r *Request) ParseMultipartForm(maxMemory int64) error { r.MultipartForm = f - return nil + return parseFormErr } // FormValue returns the first value for the named component of the query. |