1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
| | module Rack
class QueryParser
DEFAULT_SEP = /[&;] */n
COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
# ParameterTypeError is the error that is raised when incoming structural
# parameters (parsed by parse_nested_query) contain conflicting types.
class ParameterTypeError < TypeError; end
# InvalidParameterError is the error that is raised when incoming structural
# parameters (parsed by parse_nested_query) contain invalid format or byte
# sequence.
class InvalidParameterError < ArgumentError; end
def self.make_default(key_space_limit, param_depth_limit)
new Params, key_space_limit, param_depth_limit
end
attr_reader :key_space_limit, :param_depth_limit
def initialize(params_class, key_space_limit, param_depth_limit)
@params_class = params_class
@key_space_limit = key_space_limit
@param_depth_limit = param_depth_limit
end
# Stolen from Mongrel, with some small modifications:
# Parses a query string by breaking it up at the '&'
# and ';' characters. You can also use this to parse
# cookies by changing the characters used in the second
# parameter (which defaults to '&;').
def parse_query(qs, d = nil, &unescaper)
unescaper ||= method(:unescape)
params = make_params
(qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
next if p.empty?
k, v = p.split('='.freeze, 2).map!(&unescaper)
if cur = params[k]
if cur.class == Array
params[k] << v
else
params[k] = [cur, v]
end
else
params[k] = v
end
end
return params.to_params_hash
end
# parse_nested_query expands a query string into structural types. Supported
# types are Arrays, Hashes and basic value types. It is possible to supply
# query strings with parameters of conflicting types, in this case a
# ParameterTypeError is raised. Users are encouraged to return a 400 in this
# case.
def parse_nested_query(qs, d = nil)
return {} if qs.nil? || qs.empty?
params = make_params
(qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
k, v = p.split('='.freeze, 2).map! { |s| unescape(s) }
normalize_params(params, k, v, param_depth_limit)
end
return params.to_params_hash
rescue ArgumentError => e
raise InvalidParameterError, e.message
end
# normalize_params recursively expands parameters into structural types. If
# the structural types represented by two different parameter names are in
# conflict, a ParameterTypeError is raised.
def normalize_params(params, name, v, depth)
raise RangeError if depth <= 0
name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
k = $1 || ''.freeze
after = $' || ''.freeze
if k.empty?
if !v.nil? && name == "[]".freeze
return Array(v)
else
return
end
end
if after == ''.freeze
params[k] = v
elsif after == "[".freeze
params[name] = v
elsif after == "[]".freeze
params[k] ||= []
raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
params[k] << v
elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
child_key = $1
params[k] ||= []
raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
normalize_params(params[k].last, child_key, v, depth - 1)
else
params[k] << normalize_params(make_params, child_key, v, depth - 1)
end
else
params[k] ||= make_params
raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
params[k] = normalize_params(params[k], after, v, depth - 1)
end
params
end
def make_params
@params_class.new @key_space_limit
end
def new_space_limit(key_space_limit)
self.class.new @params_class, key_space_limit, param_depth_limit
end
def new_depth_limit(param_depth_limit)
self.class.new @params_class, key_space_limit, param_depth_limit
end
private
def params_hash_type?(obj)
obj.kind_of?(@params_class)
end
def params_hash_has_key?(hash, key)
return false if key =~ /\[\]/
key.split(/[\[\]]+/).inject(hash) do |h, part|
next h if part == ''
return false unless params_hash_type?(h) && h.key?(part)
h[part]
end
true
end
def unescape(s)
Utils.unescape(s)
end
class Params
def initialize(limit)
@limit = limit
@size = 0
@params = {}
end
def [](key)
@params[key]
end
def []=(key, value)
@size += key.size if key && !@params.key?(key)
raise RangeError, 'exceeded available parameter key space' if @size > @limit
@params[key] = value
end
def key?(key)
@params.key?(key)
end
def to_params_hash
hash = @params
hash.keys.each do |key|
value = hash[key]
if value.kind_of?(self.class)
if value.object_id == self.object_id
hash[key] = hash
else
hash[key] = value.to_params_hash
end
elsif value.kind_of?(Array)
value.map! {|x| x.kind_of?(self.class) ? x.to_params_hash : x}
end
end
hash
end
end
end
end
|