From 7909f06212ae8df6ba7203f8152292a190b2b33a Mon Sep 17 00:00:00 2001
From: Jeremy Evans
Date: Fri, 5 Jul 2019 14:45:19 -0700
Subject: Check for invalid hex escapes in URI#query=
Fixes [Bug #11275]
---
 lib/uri/generic.rb | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lib/uri')
diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb
index ea79e7950a..c672d15eb2 100644
--- a/lib/uri/generic.rb
+++ b/lib/uri/generic.rb
@@ -836,6 +836,7 @@ module URI
 v.encode!(Encoding::UTF_8) rescue nil
 v.delete!("\t\r\n")
 v.force_encoding(Encoding::ASCII_8BIT)
+ raise InvalidURIError, "invalid percent escape: #{$1}" if /(%\H\H)/n.match(v)
 v.gsub!(/(?!%\h\h|[!$-&(-;=?-_a-~])./n.freeze){'%%%02X' % $&.ord}
 v.force_encoding(Encoding::US_ASCII)
 @query = v
--
cgit v1.2.3
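Review bot: The added guard `/(%\H\H)/n` only fires when both characters after `%` are non-hex, so `%az`, `%za`, a trailing `%` and a trailing `%a` still get through. The `gsub!` on the next line does not catch them either, because `%` falls inside its allowed `$-&` range, so the malformed escape is stored in `@query` unchanged. If the intent is to reject every invalid percent escape, a negative lookahead covers all of these cases: `raise InvalidURIError, "invalid percent escape: #{$1}" if /(%(?!\h\h).{0,2})/n.match(v)`. This would also reject a bare literal `%`, which callers may currently rely on, so it needs a compatibility decision. Whichever pattern is kept, the method would benefit from a comment stating which malformed escapes are intentionally tolerated, since a consumer that decodes the query differently could otherwise disagree with this setter about what the value means. The enclosing method starts and ends outside the hunk.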