2023-07-23 17:29:36 (UTC-03:00)

Marcel Rodrigues <marcelgmr@gmail.com>

properly decode query string

diff --git a/lib/ludweb/http.lua b/lib/ludweb/http.lua
index f17b108..caa15aa 100644
--- a/lib/ludweb/http.lua
+++ b/lib/ludweb/http.lua
@@ -1,11 +1,24 @@
 local tcp = require "ludweb.tcp"
 
-local function parse_query(query_str)
+local function percent_decode(str)
+    local repl = function (match)
+        return string.char(tonumber(match, 16))
+    end
+    return str:gsub("%%(%x%x)", repl)
+end
+
+local function parse_query(query_str, space_as_plus)
     local query = {}
     if #query_str > 0 then
         for pair in (query_str.."&"):gmatch("([^&]*)&") do
             local key, val = pair:match("([^=]*)=(.*)")
             if key ~= nil then
+                if space_as_plus then
+                    key = key:gsub("+", " ")
+                    val = val:gsub("+", " ")
+                end
+                key = percent_decode(key)
+                val = percent_decode(val)
                 query[key] = val
             end
         end
@@ -54,7 +67,7 @@ local function parse_request(data)
     if req.headers["content-type"] == "application/x-www-form-urlencoded" then
         local query_str = req.payload
         query_str = query_str:sub(1, #query_str-1)
-        req.form = parse_query(query_str)
+        req.form = parse_query(query_str, true)
     end
     req.cookies = parse_cookies(req.headers.cookie)
     return req