YUKI Hiroshi
yuki****@clear*****
Mon Oct 6 09:32:22 JST 2014
Oh......

> Maybe --sanitize won't be needed anymore?

--sanitize is currently specialized for sanitizing for the query syntax (removing ":").
URL escaping is meant to be done by --escape.

From the context, do you mean that --escape becomes unnecessary?
Considering the use case of building a word list for use in HTTP-style requests, I think it is still necessary; what do you think?

On 2014/10/06 8:00, Kouhei Sutou wrote:
>> +def escape_for_param(value)
>> +  URI.escape(URI.escape(value.to_s), /[;&]/)
>>  end
>
> Actually, it turned out that URI.escape's specification is flawed, so it
> has been made obsolete.
>
> http://rurema.clear-code.com/2.1.0/method/URI/s/encode.html
>
> Please use CGI.escape(value) instead!
>
> http://rurema.clear-code.com/2.1.0/method/CGI/s/escape.html
>
> Maybe --sanitize won't be needed anymore?
>
> In <38af0e9cb9a525acfb6a365720acfee829df765f @ jenkins.clear-code.com>
>   "[Groonga-commit] droonga/drnbench @ 38af0e9 [master] Split options to sanitaize and escape." on Sat, 04 Oct 2014 20:34:26 +0900,
>   SHIMODA "Piro" Hiroshi <null+groonga @ clear-code.com> wrote:
>
>> SHIMODA "Piro" Hiroshi 2014-10-04 20:34:26 +0900 (Sat, 04 Oct 2014)
>>
>>   New Revision: 38af0e9cb9a525acfb6a365720acfee829df765f
>>   https://github.com/droonga/drnbench/commit/38af0e9cb9a525acfb6a365720acfee829df765f
>>
>>   Message:
>>     Split options to sanitaize and escape.
>>
>>     And, escape "&", ";" also for a query parameter.
>>
>>   Modified files:
>>     bin/drnbench-extract-searchterms
>>
>>   Modified: bin/drnbench-extract-searchterms (+13 -3)
>> ===================================================================
>> --- bin/drnbench-extract-searchterms    2014-10-04 20:24:23 +0900 (2e5f6f4)
>> +++ bin/drnbench-extract-searchterms    2014-10-04 20:34:26 +0900 (e4b711d)
>> @@ -19,9 +19,11 @@ require "drnbench"
>>  require "ostruct"
>>  require "optparse"
>>  require "json"
>> +require "uri"
>>  
>>  options = OpenStruct.new
>>  options.column_index = 0
>> +options.sanitize = false
>>  options.escape = false
>>  
>>  option_parser = OptionParser.new do |parser|
>> @@ -32,6 +34,10 @@ option_parser = OptionParser.new do |parser|
>>            "(#{options.output_column_index})") do |index|
>>      options.column_index = index
>>    end
>> +  parser.on("--sanitize",
>> +            "Sanitize dangerous characters for \"query\" parameter") do
>> +    options.sanitize = true
>> +  end
>>    parser.on("--escape",
>>              "Escape output for URL parameter") do
>>      options.escape = true
>> @@ -40,11 +46,14 @@ end
>>  
>>  groonga_select_result_files = option_parser.parse!(ARGV)
>>  
>> -def sanitize_for_param(value)
>> +def sanitize_for_query(value)
>>    value.to_s
>>      .gsub(/[:;]/, " ")
>>      .strip
>> -    .gsub(/ +/, "%20")
>> +end
>> +
>> +def escape_for_param(value)
>> +  URI.escape(URI.escape(value.to_s), /[;&]/)
>>  end
>>  
>>  def output_column_value(select_result, column_index)
>> @@ -54,7 +63,8 @@ def output_column_value(select_result, column_index)
>>    records = search_result[2..-1]
>>    records.each do |record|
>>      value = record[column_index]
>> -    value = sanitize_for_param(value) if options.escape
>> +    value = sanitize_for_query(value) if options.sanitize
>> +    value = escape_for_param(value) if options.escape
>>      puts(value)
>>    end
>>  end
>
> _______________________________________________
> Groonga-commit mailing list
> Groonga-commit @ lists.sourceforge.jp
> http://lists.sourceforge.jp/mailman/listinfo/groonga-commit
>

-- 
YUKI Hiroshi (結城 洋志)
E-mail: yuki @ clear-code.com
ClearCode Inc.
Hongo Dent Bldg. 2F, 3-27-12 Hongo, Bunkyo-ku, Tokyo 113-0033, Japan
TEL : 03-6231-7270
FAX : 03-6231-7271
WWW : http://www.clear-code.com/
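Review bot: the `+require "uri"` line in the first hunk ties the script to URI.escape, which the reply on this thread says is obsolete; if `escape_for_param` is switched to `CGI.escape` as suggested, this should become `require "cgi"`, otherwise the script's only escaping path depends on a deprecated API.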
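Review bot: the `--sanitize` help string in the second hunk, `Sanitize dangerous characters for \"query\" parameter`, overstates what the option does, since `sanitize_for_query` only replaces `:` and `;` with spaces; state the actual replacement in the help text (for example `Replace ":" and ";" with spaces in values used for the "query" parameter`) so users do not assume other query-syntax characters are neutralized.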
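Review bot: `escape_for_param` in the third hunk is built on URI.escape, which percent-encodes only characters outside the URI character set and passes reserved characters such as `=`, `+`, `?`, `/` and `,` through unchanged, so even after the second pass with `/[;&]/` a value containing `=` or `+` reaches the output raw and is decoded differently from what was intended (`+` reads as a space in a form-encoded query string). As the reply suggests, `CGI.escape(value.to_s)` encodes all of these in one call, so the body can simply become `CGI.escape(value.to_s)` (with `require "cgi"`). Note also that the `;` in the regex is only reachable when `--escape` runs without `--sanitize`, because `sanitize_for_query` has already replaced `;` with a space; that is fine, but deserves a comment.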
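Review bot: the last hunk silently changes what `--escape` alone does: before, `--escape` replaced `:` and `;` with spaces and encoded runs of spaces as `%20`; now it leaves `:` and `;` untouched unless `--sanitize` is also given, and `sanitize_for_query` no longer encodes spaces at all, so `--sanitize` without `--escape` emits literal spaces. The commit message should state that callers who relied on `--escape` now need `--sanitize --escape`, or `--escape` could set `options.sanitize` as well to keep the old behaviour, since the two flags are independent booleans here.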
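The replacement Kou proposes in the quoted reply, CGI.escape instead of URI.escape, as an added Ruby example; this is not the drnbench script itself or code from the thread. It keeps the `sanitize_for_query` behaviour from the patch (replacing ":" and ";" with spaces) and rewrites `escape_for_param` on top of CGI.escape; the `build_term` helper, the `safe_for_query_string?` check and the sample values are constructed here to show that every query-string delimiter is encoded and that the value round-trips through CGI.unescape.

```ruby
require "cgi"

# Replace the characters the drnbench script treats as dangerous for the
# Groonga "query" parameter (":" and ";") with spaces, as --sanitize does.
def sanitize_for_query(value)
  value.to_s.gsub(/[:;]/, " ").strip
end

# Percent-encode a value for an application/x-www-form-urlencoded query
# string. Unlike the obsolete URI.escape, CGI.escape encodes every reserved
# character ("&", ";", "=", "+", "?", "/", ...) and turns spaces into "+".
def escape_for_param(value)
  CGI.escape(value.to_s)
end

# Produce one search term the way the script would with the given flags
# (hypothetical helper, not part of the original script).
def build_term(value, sanitize: true, escape: true)
  value = sanitize_for_query(value) if sanitize
  value = escape_for_param(value) if escape
  value
end

# Characters that would change the meaning of a query string if they
# survived escaping. A literal "+" is not listed: it is the form encoding
# of a space and CGI.escape encodes an input "+" as "%2B".
QUERY_DELIMITERS = /[&;=?#\/\s]/

def safe_for_query_string?(escaped)
  escaped !~ QUERY_DELIMITERS
end

# Constructed sample values, not taken from any real search log.
SAMPLES = [
  "foo bar",         # plain space
  "a&b;c",           # parameter separators
  "key=value",       # key/value separator
  "c++ lang",        # literal plus that must not decode as a space
  "title:groonga",   # query-syntax operator removed by --sanitize
  "日本語",          # non-ASCII, encoded byte by byte
]

# Returns [original, escaped, safe?, round-tripped] for each sample.
def demo
  SAMPLES.map do |v|
    escaped = build_term(v)
    [v, escaped, safe_for_query_string?(escaped), CGI.unescape(escaped)]
  end
end

if __FILE__ == $0
  demo.each do |orig, esc, safe, back|
    puts "#{orig.inspect} -> #{esc} safe=#{safe} roundtrip=#{back.inspect}"
  end
end
```

Running the file prints one line per sample; the `safe` column shows that no raw delimiter survives, and the round trip shows that the only information lost is what `--sanitize` deliberately removed.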