authorJeremy Evans <code@jeremyevans.net>2019-07-05 14:45:19 -0700
committerJeremy Evans <code@jeremyevans.net>2019-10-08 07:30:55 -0700
commit7909f06212ae8df6ba7203f8152292a190b2b33a (patch)
tree339f267dae1220e0c60b74bfb560371a88869833
parent8feb8c9bb7e9036ee2014b0f532677635a16893e (diff)
Check for invalid hex escapes in URI#query=
Fixes [Bug #11275]
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/2535
-rw-r--r--lib/uri/generic.rb1
-rw-r--r--test/uri/test_parser.rb5
2 files changed, 6 insertions, 0 deletions
diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
index ea79e7950a..c672d15eb2 100644
--- a/lib/uri/generic.rb
+++ b/lib/uri/generic.rb
@@ -836,6 +836,7 @@ module URI
v.encode!(Encoding::UTF_8) rescue nil
v.delete!("\t\r\n")
v.force_encoding(Encoding::ASCII_8BIT)
+ raise InvalidURIError, "invalid percent escape: #{$1}" if /(%\H\H)/n.match(v)
v.gsub!(/(?!%\h\h|[!$-&(-;=?-_a-~])./n.freeze){'%%%02X' % $&.ord}
v.force_encoding(Encoding::US_ASCII)
@query = v
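Review bot: The guard on the added line rejects only a `%` followed by two non-hex characters, because `/(%\H\H)/n` requires both following bytes to be non-hex. `%1X`, `%X1`, and a `%` at the end of the string or one byte before it are not matched. Since `%` falls inside the `$-&` range of the allow-list in the `gsub!` on the next line, those malformed escapes appear to reach `@query` unchanged, so this parser and a downstream decoder can still disagree about the query. Consider `/%(?!\h\h)/n` as the condition, with the message built from the match rather than `$1`, and add matching cases to `test_parse_query_pct_encoded` in test/uri/test_parser.rb, which currently covers only `%XX`. The enclosing method starts and ends outside the hunk.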
diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
index 088628a3fb..b13a26ca84 100644
--- a/test/uri/test_parser.rb
+++ b/test/uri/test_parser.rb
@@ -40,6 +40,11 @@ class URI::TestParser < Test::Unit::TestCase
uri_to_ary(u1))
end
+ def test_parse_query_pct_encoded
+ assert_equal('q=%32!$&-/?.09;=:@AZ_az~', URI.parse('https://www.example.com/search?q=%32!$&-/?.09;=:@AZ_az~').query)
+ assert_raise(URI::InvalidURIError) { URI.parse('https://www.example.com/search?q=%XX') }
+ end
+
def test_raise_bad_uri_for_integer
assert_raise(URI::InvalidURIError) do
URI.parse(1)
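Review bot: The new test reaches the check only through `URI.parse`, while the commit title names `URI#query=`. An assertion on the setter itself would pin the behaviour where the check lives, e.g. `assert_raise(URI::InvalidURIError) { URI.parse('https://www.example.com/').query = 'q=%XX' }`. Whether `URI.parse` routes the query through the setter is not visible from this hunk, so the direct call also guards against a later change in that path. `test_raise_bad_uri_for_integer` continues past the end of the hunk.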