775216 - Storage Server: Percent decode query string parameters

Status: RESOLVED FIXED

(Cloud Services :: Firefox: Common, defect)

Description

[Gregory Szorc [:gps]]

The JS storage server does not percent decode query string parameters. As a result, clients that percent encoded query strings parameters containing commas break the server.

See also bug 775208.

Comment 1

[Gregory Szorc [:gps]]

Attachment: Percent decode query string components

Trivial patch. Pretty sure this is the only place in the server where we split on commas.

The xpcshell tests for the server are pretty sparse and most functionality is tested via the Python functional tests. We also have redundant coverage via the client xpcshell tests. So, I don't think it is necessary to explicitly verify that query strings without percent encoding work.

mconnor receives review due to snarky comment directed towards me on IRC ;)

Comment 2

[Gregory Szorc [:gps]]

Comment on attachment 643504 [details] [diff] [review]
Percent decode query string components

Seeking quicker review.

Comment 3

[Richard Newman [:rnewman]]

Comment on attachment 643504 [details] [diff] [review]
Percent decode query string components

Review of attachment 643504 [details] [diff] [review]:
-----------------------------------------------------------------

::: services/common/storageserver.js
@@ +620,1 @@
>        }

You wanna throw for

  ?foo=bar=baz&noo=bar

(i.e., chunk.length > 2)?

Comment 4

[Gregory Szorc [:gps]]

https://hg.mozilla.org/services/services-central/rev/9118f77e3dbd

Did not address review comment because I think URL parsers should be lenient and allow extra unescaped equals signs.

Comment 5

[Gregory Szorc [:gps]]

https://hg.mozilla.org/mozilla-central/rev/9118f77e3dbd