Closed matsmcp closed 1 year ago
Hey! Thanks for submitting this! Have you tested this?
Did you want to submit a PR?
I did an offline testcase for it
function newsplit($RawRequestURL)
{
$RequestURL, $RequestArgs = $RawRequestURL.split("?",2)
write-host "*********************"
write-host "Newsplit:" $RequestURL
write-host "Newsplit:" $RequestArgs
write-host "Newsplit:" $RequestArgs.count
}
function oldsplit($RawRequestURL)
{
$RequestURL, $RequestArgs = $RawRequestURL.split("?")
write-host "Oldsplit:" $RequestURL
write-host "oldsplit:" $RequestArgs
write-host "oldsplit:" $RequestArgs.count
write-host "*********************"
}
newsplit "Storepassword?username=test&Password=12?tested"
oldsplit "Storepassword?username=test&Password=12?tested"
newsplit "Storepassword?username=test&Password=12_tested"
oldsplit "Storepassword?username=test&Password=12_tested"
newsplit "Storepassword"
oldsplit "Storepassword"
newsplit ""
oldsplit ""
The output for the first testcase shows the difference. Without limiting the split we get two arguments instead of one and a loss of one character. (You should not do passwords like this but it was a good example in my twisted mind)
I do not have git tools on this box so I don't think I can make a formal PR.
New version deployed. Let me know if you have any issues. https://www.powershellgallery.com/packages/RestPS/7.0.48
I would like to suggest one small change in code.
As I read the code passing a RequestURL that contains more than one ? will cause the code to create an array of Requestargs instead of just a string variable.
$RequestURL, $RequestArgs = $RawRequestURL.split("?")
By changing this to
$RequestURL, $RequestArgs = $RawRequestURL.split("?",2)
$RequestArgs should always be a stringIt might be me missing something but I think this should be safer against "bad data"