diff --git a/ChangeLog b/ChangeLog
index 3a6cb7b4a..55f53eb79 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 * Source/NSURLHandle.m: ([resourceData]) make sure value returned is autoreleased.
+ * Source/NSURL.m: Parse string a bit more strictly according to RFC
 2007-01-16 Nicola Pero
diff --git a/Source/NSURL.m b/Source/NSURL.m
index 4b996b7d9..45a884b14 100644
--- a/Source/NSURL.m
+++ b/Source/NSURL.m
@@ -627,6 +627,10 @@ static unsigned urlAlign;
 - (id) initWithString: (NSString*)aUrlString relativeToURL: (NSURL*)aBaseUrl
 {
+ /* RFC 2396 'reserved' characters ...
+ */
+ static const char *reserved = ";/?:@&=+$,";
+
 if (aUrlString == nil)
 {
 [NSException raise: NSInvalidArgumentException
@@ -879,6 +883,11 @@ static unsigned urlAlign;
 if (buf->fragment == 0 && base != 0)
 {
 buf->fragment = base->fragment;
+ if (legal(buf->fragment, reserved) == NO)
+ {
+ [NSException raise: NSGenericException format:
+ @"illegal character in fragment part"];
+ }
 }
 }
@@ -899,6 +908,11 @@ static unsigned urlAlign;
 if (buf->query == 0 && base != 0)
 {
 buf->query = base->query;
+ if (legal(buf->query, reserved) == NO)
+ {
+ [NSException raise: NSGenericException format:
+ @"illegal character in query part"];
+ }
 }
 }
@@ -919,6 +933,11 @@ static unsigned urlAlign;
 if (buf->parameters == 0 && base != 0)
 {
 buf->parameters = base->parameters;
+ if (legal(buf->parameters, reserved) == NO)
+ {
+ [NSException raise: NSGenericException format:
+ @"illegal character in parameters part"];
+ }
 }
 }
@@ -944,6 +963,11 @@ static unsigned urlAlign;
 * Store the path.
 */
 buf->path = start;
+ if (legal(buf->path, reserved) == NO)
+ {
+ [NSException raise: NSGenericException format:
+ @"illegal character in path part"];
+ }
 }
 NS_HANDLER
 {
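Review bot: The comment added above `reserved` in the `@@ -627,6 +627,10 @@` hunk trails off in an ellipsis and never says what the string is used for. The literal matches the RFC 2396 `reserved` set, and the later hunks pass it as the second argument of `legal()` for the fragment, query, parameters and path parts. I would write `/* RFC 2396 'reserved' characters, passed to legal() as the extra characters accepted in each URL part. */`, assuming that is what the second argument means, since `legal()` is defined outside this diff. RFC 2396 gives each component its own permitted set, so the comment should also say that sharing one set across all four parts is a deliberate simplification. The method body continues beyond the hunk.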
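Review bot: The `legal()` check in the `@@ -879,6 +883,11 @@` hunk sits inside `if (buf->fragment == 0 && base != 0)`, so in the lines shown it runs only on a fragment inherited from the base URL and never on one parsed out of `aUrlString`. The query (`@@ -899,6 +908,11 @@`) and parameters (`@@ -919,6 +933,11 @@`) hunks have the same shape, whereas the path hunk checks `buf->path` unconditionally. The caller-supplied string is the input that needs validating, so I would move each check below the closing brace of the inheritance block, e.g. `if (buf->fragment != 0 && legal(buf->fragment, reserved) == NO)`. The null guard matters if `legal()` does not accept a null pointer; in the current placement `base->fragment` may itself be 0 when it reaches `legal()`. Neither `legal()` nor the code that splits the fragment off the string is visible in this diff, so confirm against the full method that no earlier check already covers the parsed value.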