From: andrew@...
Date: 2016-05-09T20:45:42+00:00
Subject: [ruby-core:75423] [Ruby trunk Bug#12363] URI::Generic.build allows	invalid input

Issue #12363 has been updated by Andrew Vit.

ruby -v changed from ruby 2.1.8p440 to ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]

----------------------------------------
Bug #12363: URI::Generic.build allows invalid input
https://bugs.ruby-lang.org/issues/12363#change-58540

* Author: Andrew Vit
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
Reproduce:

~~~
require 'uri'
invalid_host = 'ex_ample.com'
invalid_userinfo = 'uuuu:pp/pp'
uri = URI::Generic.new('http', invalid_userinfo,  invalid_host, 80, nil, '/', nil, nil, nil)
uri.to_s
#=> "http://uuuu:pp/pp@ex_ample.com:80/"

uri.userinfo = uri.userinfo
# raise URI::InvalidComponentError

uri.host = uri.host
# raise URI::InvalidComponentError
~~~

It should be expected that these are already encoded, so invalid characters in URI fields should not be allowed. These should be consistent with writer methods `userinfo=`, `host=`, etc.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>