Url queries that have been url encoded are improperly cast to structs containing vectors.
Some example code for this:
#[derive(Deserialize, Debug)]
struct MultiPrintQuery {
things_to_print: Vec<String>
}
app.at("/print").get(|req: Request<()>| async move {
let print_query: MultiPrintQuery = req.query().unwrap();
dbg!(&print_query);
for item in print_query.things_to_print {
println!("{}", item);
}
Ok(Response::new(200))
});
when you make a request at "/print" with non-encoded brackets the above code will work without panicking:
curl http://127.0.0.1:8080/print?things_to_print[0]=Hello+there&things_to_print[1]=General+Kenobi
However, when url encoded, making the same request to "/print" results in a panic:
curl http://127.0.0.1:8080/print?things_to_print%5B0%5D=Hello+there&things_to_print%5B1%5D=General+Kenobi
This is due to serde_qs not parsing url encoded brackets which is expected behaviour of serde_qs as it has no config specified in request.rs.
By default serde_qs runs in strict mode so that url encoded brackets are not parsed the same, however serde_qs can parse url encoded brackets if strict mode is disabled in its config.
This could cause some issues though with some peoples existing code if the depends on using url encoded brackets in key names but im unsure that it'd affect the majority of users.
Some solutions for this are:
Make Request.query() use Non-Strict serde_qs by default but possibly break some users existing code
Make Request.query take a bool param for strict or not
Keep Request.query() and make an identical one that uses non-strict serde_qs as Request.query_encoded()
Make the user import serde_qs as a dependancy themselves and have them manually parse from req.url().query()
I'm happy to pr a fix for this but I wanted to get some input on which kind of way you guys would want to go about it or if this is even a real issue at all.
Heyo ๐
Url queries that have been url encoded are improperly cast to structs containing vectors.
Some example code for this:
when you make a request at "/print" with non-encoded brackets the above code will work without panicking:
curl http://127.0.0.1:8080/print?things_to_print[0]=Hello+there&things_to_print[1]=General+KenobiHowever, when url encoded, making the same request to "/print" results in a panic:
curl http://127.0.0.1:8080/print?things_to_print%5B0%5D=Hello+there&things_to_print%5B1%5D=General+KenobiThis is due to serde_qs not parsing url encoded brackets which is expected behaviour of serde_qs as it has no config specified in request.rs. By default serde_qs runs in strict mode so that url encoded brackets are not parsed the same, however serde_qs can parse url encoded brackets if strict mode is disabled in its config.
This could cause some issues though with some peoples existing code if the depends on using url encoded brackets in key names but im unsure that it'd affect the majority of users.
Some solutions for this are:
I'm happy to pr a fix for this but I wanted to get some input on which kind of way you guys would want to go about it or if this is even a real issue at all.
Thank you for reading this too! ๐งก