From 8a3c3b9c95955bba7f143c44136a043568d88b94 Mon Sep 17 00:00:00 2001
From: naruse
Date: Fri, 9 Apr 2010 11:58:20 +0000
Subject: [PATCH] * lib/uri/common.rb (decode_www_form): don't ignore leading '?'. [ruby-dev:40938]
* lib/uri/common.rb (decode_www_form): check whether argument is valid application/x-www-form-urlencoded data.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 8 ++++++++
 lib/uri/common.rb | 9 ++++++---
 test/uri/test_common.rb | 8 +++++++-
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b59dd16bf5..86967107f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Fri Apr 9 20:54:10 2010 NARUSE, Yui
+
+ * lib/uri/common.rb (decode_www_form): don't ignore leading '?'.
+ [ruby-dev:40938]
+
+ * lib/uri/common.rb (decode_www_form): check whether argument is
+ valid application/x-www-form-urlencoded data.
+
 Fri Apr 9 20:29:13 2010 Yusuke Endoh
 
 * dir.c (push_glob): clear up the previous commit (RB_GC_GUARD can
diff --git a/lib/uri/common.rb b/lib/uri/common.rb
index 5d0d95fb3f..a20ce0c981 100644
--- a/lib/uri/common.rb
+++ b/lib/uri/common.rb
@@ -805,6 +805,9 @@ module URI
 str
 end
 
+ # :nodoc:
+ WFKV_ = '(?:%\h\h|[^%#=;&])'
+
 # Decode URL-encoded form data from given +str+.
 #
 # This decodes application/x-www-form-urlencoded data
@@ -826,11 +829,11 @@ module URI
 #
 # See URI.decode_www_form_component, URI.encode_www_form
 def self.decode_www_form(str, enc=Encoding::UTF_8)
- ary = []
- unless /\A\??(?[^=;&]*=[^;&]*(?:[;&][^=;&]*=[^;&]*)*)\z/ =~ str
+ unless /\A#{WFKV_}*=#{WFKV_}*(?:[;&]#{WFKV_}*=#{WFKV_}*)*\z/o =~ str
 raise ArgumentError, "invalid data of application/x-www-form-urlencoded (#{str})"
 end
- query.scan(/([^=;&]+)=([^;&]*)/) do
+ ary = []
+ $&.scan(/([^=;&]+)=([^;&]*)/) do
 ary << [decode_www_form_component($1, enc), decode_www_form_component($2, enc)]
 end
 ary
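Review bot: `WFKV_` in lib/uri/common.rb is added with no comment saying what it matches or how strict it is. As written it accepts a `%XX` escape or any single character other than `%`, `#`, `=`, `;` and `&`, so raw spaces, control characters and newlines still pass the "valid application/x-www-form-urlencoded" check in decode_www_form. Callers should not treat a successful decode as proof that the input was well-formed. I would add a comment such as `# One character of a form name or value: a %XX escape, or anything except % # = ; & (not a full conformance check)`. RDoc's `:nodoc:` is normally written on the definition line itself, so it may be worth moving it there.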
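Review bot: The new validation in decode_www_form and the `scan` that follows it disagree about empty names: the check allows zero characters before `=` (`#{WFKV_}*=`), but the scan requires at least one (`[^=;&]+`), so input such as `=1` or `a=1&=2` passes validation and the empty-named pair is then silently dropped from the result. Making the scan accept what the check accepts, `$&.scan(/([^=;&]*)=([^;&]*)/) do`, keeps the two in step; alternatively use `+` in the check if empty names are meant to be rejected. The check also requires at least one `=`, so an empty string raises ArgumentError rather than returning `[]`, and the method comment should say so. Separately, the unchanged `raise` copies the whole input into the exception message through `(#{str})`; with the stricter check more request bodies will reach it, and form bodies can carry credentials, so consider omitting or truncating the value there. The method's closing `end` lies outside the hunk.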
diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb
index 9f39e843d3..5e575e21a6 100644
--- a/test/uri/test_common.rb
+++ b/test/uri/test_common.rb
@@ -86,7 +86,13 @@ class TestCommon < Test::Unit::TestCase
 def test_decode_www_form
 assert_equal([%w[a 1], %w[a 2]], URI.decode_www_form("a=1&a=2"))
 assert_equal([%w[a 1], ["\u3042", "\u6F22"]],
- URI.decode_www_form("a=1&%E3%81%82=%E6%BC%A2"))
+ URI.decode_www_form("a=1;%E3%81%82=%E6%BC%A2"))
+ assert_equal([%w[?a 1], %w[a 2]], URI.decode_www_form("?a=1&a=2"))
+ assert_raise(ArgumentError){URI.decode_www_form("%=1")}
+ assert_raise(ArgumentError){URI.decode_www_form("a=%")}
+ assert_raise(ArgumentError){URI.decode_www_form("a=1&%=2")}
+ assert_raise(ArgumentError){URI.decode_www_form("a=1&b=%")}
+ assert_raise(ArgumentError){URI.decode_www_form("a&b")}
 end
 end
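Review bot: The new error cases in test_decode_www_form only cover a bare `%` and a pair with no `=`, so the other rules the validation pattern introduces are not pinned. A raw `#` and a truncated escape are rejected by the new pattern, and an empty name passes it, yet none of these is exercised, so a later edit to the pattern could loosen input validation without a test failing. I would add `assert_raise(ArgumentError){URI.decode_www_form("a=1#b")}` and `assert_raise(ArgumentError){URI.decode_www_form("a=%4")}`, plus a case for `=1` once the intended result for empty names is decided.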