Skip to content
This repository has been archived by the owner on Mar 10, 2020. It is now read-only.

Commit

Permalink
fix: don't let qs mangle binary buffers (#569)
Browse files Browse the repository at this point in the history
  • Loading branch information
vith committed Jun 21, 2017
1 parent 1b8557e commit 31a4738
Showing 1 changed file with 34 additions and 1 deletion.
35 changes: 34 additions & 1 deletion src/request-api.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
'use strict'

const Qs = require('qs')
const qsDefaultEncoder = require('qs/lib/utils').encode
const isNode = require('detect-node')
const ndjson = require('ndjson')
const pump = require('pump')
Expand Down Expand Up @@ -112,7 +113,39 @@ function requestAPI (config, options, callback) {
headers['Content-Type'] = `multipart/form-data; boundary=${stream.boundary}`
}

const qs = Qs.stringify(options.qs, {arrayFormat: 'repeat'})
const qs = Qs.stringify(options.qs, {
arrayFormat: 'repeat',
encoder: data => {
// TODO: future releases of qs will provide the default
// encoder as a 2nd argument to this function; it will
// no longer be necessary to import qsDefaultEncoder
if (Buffer.isBuffer(data)) {
let uriEncoded = ''
for (const byte of data) {
// https://tools.ietf.org/html/rfc3986#page-14
// ALPHA (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E), underscore (%5F), or tilde (%7E)
if (
(byte >= 0x41 && byte <= 0x5A) ||
(byte >= 0x61 && byte <= 0x7A) ||
(byte >= 0x30 && byte <= 0x39) ||
(byte === 0x2D) ||
(byte === 0x2E) ||
(byte === 0x5F) ||
(byte === 0x7E)
) {
uriEncoded += String.fromCharCode(byte)
} else {
const hex = byte.toString(16)
// String.prototype.padStart() not widely supported yet
const padded = hex.length === 1 ? `0${hex}` : hex
uriEncoded += `%${padded}`
}
}
return uriEncoded
}
return qsDefaultEncoder(data)
}
})
const req = request(config.protocol)({
hostname: config.host,
path: `${config['api-path']}${options.path}?${qs}`,
Expand Down

0 comments on commit 31a4738

Please sign in to comment.