[go] net/http: remove warning when parsing a query containing a semicolon

138 views

Skip to first unread message

Damien Neil (Gerrit)

unread,

Feb 22, 2023, 4:09:02 PM2/22/23

to goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Than McIntosh, Filippo Valsorda, Gopher Robot, Brad Fitzpatrick, golang-co...@googlegroups.com

Damien Neil submitted this change.

View Change

Approvals:
  Than McIntosh: Looks good to me, but someone else must approve
  Damien Neil: Run TryBots
  Gopher Robot: TryBots succeeded
  Filippo Valsorda: Looks good to me, approved

net/http: remove warning when parsing a query containing a semicolon

It's been years since the behavior here was changed, and there's
little point in continuing to warn users of it.

Fixes #49399

Change-Id: I95f64ca14cacb64ebe78296593b1cc3d837e6b77
Reviewed-on: https://go-review.googlesource.com/c/go/+/470315
Run-TryBot: Damien Neil <dn...@google.com>
TryBot-Result: Gopher Robot <go...@golang.org>
Reviewed-by: Filippo Valsorda <fil...@golang.org>
Reviewed-by: Than McIntosh <th...@google.com>
---
M src/net/http/serve_test.go
M src/net/http/server.go
2 files changed, 28 insertions(+), 36 deletions(-)

diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
index e11de66..b2bdeb1 100644
--- a/src/net/http/serve_test.go
+++ b/src/net/http/serve_test.go
@@ -6558,10 +6558,10 @@
 	t.Cleanup(func() { afterTest(t) })
 
 	tests := []struct {
-		query           string
-		xNoSemicolons   string
-		xWithSemicolons string
-		warning         bool
+		query              string
+		xNoSemicolons      string
+		xWithSemicolons    string
+		expectParseFormErr bool
 	}{
 		{"?a=1;x=bad&x=good", "good", "bad", true},
 		{"?a=1;b=bad&x=good", "good", "good", true},
@@ -6573,20 +6573,20 @@
 		for _, tt := range tests {
 			t.Run(tt.query+"/allow=false", func(t *testing.T) {
 				allowSemicolons := false
-				testQuerySemicolon(t, mode, tt.query, tt.xNoSemicolons, allowSemicolons, tt.warning)
+				testQuerySemicolon(t, mode, tt.query, tt.xNoSemicolons, allowSemicolons, tt.expectParseFormErr)
 			})
 			t.Run(tt.query+"/allow=true", func(t *testing.T) {
-				allowSemicolons, expectWarning := true, false
-				testQuerySemicolon(t, mode, tt.query, tt.xWithSemicolons, allowSemicolons, expectWarning)
+				allowSemicolons, expectParseFormErr := true, false
+				testQuerySemicolon(t, mode, tt.query, tt.xWithSemicolons, allowSemicolons, expectParseFormErr)
 			})
 		}
 	})
 }
 
-func testQuerySemicolon(t *testing.T, mode testMode, query string, wantX string, allowSemicolons, expectWarning bool) {
+func testQuerySemicolon(t *testing.T, mode testMode, query string, wantX string, allowSemicolons, expectParseFormErr bool) {
 	writeBackX := func(w ResponseWriter, r *Request) {
 		x := r.URL.Query().Get("x")
-		if expectWarning {
+		if expectParseFormErr {
 			if err := r.ParseForm(); err == nil || !strings.Contains(err.Error(), "semicolon") {
 				t.Errorf("expected error mentioning semicolons from ParseForm, got %v", err)
 			}
@@ -6624,16 +6624,6 @@
 	if got, want := string(slurp), wantX; got != want {
 		t.Errorf("Body = %q; want = %q", got, want)
 	}
-
-	if expectWarning {
-		if !strings.Contains(logBuf.String(), "semicolon") {
-			t.Errorf("got %q from ErrorLog, expected a mention of semicolons", logBuf.String())
-		}
-	} else {
-		if strings.Contains(logBuf.String(), "semicolon") {
-			t.Errorf("got %q from ErrorLog, expected no mention of semicolons", logBuf.String())
-		}
-	}
 }
 
 func TestMaxBytesHandler(t *testing.T) {
diff --git a/src/net/http/server.go b/src/net/http/server.go
index 1ac61f7..1b3b2f2 100644
--- a/src/net/http/server.go
+++ b/src/net/http/server.go
@@ -2921,23 +2921,9 @@
 		handler = globalOptionsHandler{}
 	}
 
-	if req.URL != nil && strings.Contains(req.URL.RawQuery, ";") {
-		var allowQuerySemicolonsInUse atomic.Bool
-		req = req.WithContext(context.WithValue(req.Context(), silenceSemWarnContextKey, func() {
-			allowQuerySemicolonsInUse.Store(true)
-		}))
-		defer func() {
-			if !allowQuerySemicolonsInUse.Load() {
-				sh.srv.logf("http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192")
-			}
-		}()
-	}
-
 	handler.ServeHTTP(rw, req)
 }
 
-var silenceSemWarnContextKey = &contextKey{"silence-semicolons"}
-
 // AllowQuerySemicolons returns a handler that serves requests by converting any
 // unescaped semicolons in the URL query to ampersands, and invoking the handler h.
 //
@@ -2949,9 +2935,6 @@
 // AllowQuerySemicolons should be invoked before Request.ParseForm is called.
 func AllowQuerySemicolons(h Handler) Handler {
 	return HandlerFunc(func(w ResponseWriter, r *Request) {
-		if silenceSemicolonsWarning, ok := r.Context().Value(silenceSemWarnContextKey).(func()); ok {
-			silenceSemicolonsWarning()
-		}
 		if strings.Contains(r.URL.RawQuery, ";") {
 			r2 := new(Request)
 			*r2 = *r

To view, visit change 470315. To unsubscribe, or for help writing mail filters, visit settings.

Reply all

Reply to author

Forward

0 new messages