`URI.encode` is obsolete. `CGI.escape`, `URI.encode_www_form` or
`URI.encode_www_form_component` are recommended instead.
https://ruby-doc.org/stdlib-2.6/libdoc/uri/rdoc/URI/Escape.html#method-i-escape
URI.encode has different behaviour to CGI.escape:
```ruby
require 'uri'
require 'cgi'

URI.encode('hello/world?test%string')
# => "hello/world?test%25string"
CGI.escape('hello/world?test%string')
# => "hello%2Fworld%3Ftest%25string"
```
I recently raised pull request #3039
201cbdce29cc6cdbbbe9efcb1afb250a05bc2ffd
That pull request escapes path items at insertion.
Before either pull request, the path item 'hello?world' would go into
the URL as 'hello?world'. That behaviour was insecure as if an attacker
could control the path item value, they could change the URL the
application connected to.
After #3039 'hello?world' would go in as 'hello%253Fworld'. This was
safer than before, but it's still not correct.
If I'd realised at the time, I would have made it correct at the time.
What this pull request does is make it go in as 'hello%35world', which
is correct.
ApiClient::build_request_url was URI.encoding the whole path.
This wasn't protecting against all undesirable characters in the path
items, but was escaping % characters a 2nd time which was unhelpful.
I have additionally removed URI.encode from Configuration::base_url as I
can't see any benefit it could be bringing.
There is no justification for it in the commit where it was originally
added: 47c8597d36a9bc0983ba5c40e2489bb094f9f076
* general support to add scopes for bearer auth too
implemented authorize workflow in aspnet core too
* petstore update
* fix missing )
* multi roles fix
* null pointer error prevention
* null point exception fixes
* null pointer fixes
* npe fix
* solved line break issue
* Fixed case where invalid comma is added to consumes/produces list in case last element is empty.
* Changed default HttpStatus.OK response to match first response code in definition.
Allowing also other responses 201, 202 ...
* Changed default HttpStatus.OK response to match first response code in definition.
Allowing also other responses 201, 202 ...
* run ./bin/kotlin-springboot-petstore-server.sh
Updated APIs
* feat(java-jersey2): Adding http response headers and making example compilable
* feat(java-jersey2): Updating pet project
* feat(java-jersey2): Removing unnecessary lines from Readme
* feat(java-jersey2): Updating pet projects
* feat(java-jersey2): Updating pet projects
* refactor(golang): Use http constants for methods
* regenerate samples
* fix: Only import strings when needed
* regenerate samples
* Only import fmt and strings when needed
* regenerate samples
* kotlin spring : add reactivity via kotlin's coroutines
* add kotlin spring boot reactive samples
* bug : fix spring version and import for coroutines
* remove exception handler for reactive (webflux doesn't support it)
* add spring milestone repository to maven pom
* add reactive type for list in Api and ApiImpl methods for matching body responsive parameter
* fix baseType for ArraySchema
* regenerate samples
* updating documentation
* Ruby client: escape path parameters
Path parameters should be escaped when encoded into the path.
In the path '/pet/{petId}' let's pretend petId is a string instead of a
number.
If the user uses "Bobby" as the petId then they correctly get the path
'/pet/Bobby'.
But if they put 'Bobby/Tables' as the petId then they used to get the
path '/pet/Bobby/Tables' which will be interpreted by the server as a
different route.
Using CGI::Escape they now get '/pet/Bobby%2FTables' which is correct.
* Ruby client- regenerate further files
Thank you @autopp for noticing I needed to update
`samples/openapi3/client/petstore/ruby`.
Regenerated by running `bin/openapi3/ruby-client-petstore.sh`.
PR #3039
* [gradle] Reworking publishing pipeline
TravisCI proxies separate external requests with different originating IP
addresses, while Sonatype associates artifacts for auto-generated
repositories by IP address. This leads to many gradle deploys from CI
resulting in "split" staging repositories with no way to combine in
Sonatype Nexus.
This introduces a workflow which should resolve this issue on the next
revision release. Specifically, nexus-publish-plugin is included to
create singular staging repositories from TravisCI and
gradle-nexus-staging-plugin is included to auto-release and promote
this repository.
NOTE:
We need to publish via publishPluginMavenPublicationToNexusRepository,
because publishToNexus will publish _all_ publish-related tasks,
including the one intended only for the Gradle Plugin Portal.
Tested in standalone open source Nexus Repo Manager, which doesn't
support the staging plugin. So, only SNAPSHOT workflow has been
validated locally.
* Change the 'publish' task to 'publishToMavenLocal' in the helper pom.xml
* Add condition on signing and be explicit about sources/javadoc artifacts
* Call close/closeAndReleaseRepository
* Reuse same closeAndReleaseRepository for SNAPSHOT + releases using a task guard, and publish to Gradle Plugin portal only on tagged build.
* Add v prefix for tag check.
* [typescript-fetch] Fix uploading files
* Check for Blob instead of File
* Update samples
* Update samples
* Update samples
* Update samples
* Regenerate samples
* Bug
* Manually fix samples
* Implement support for Buffer and Blob in a backwards-compatible way
* Rework how blob and buffer instance checking works
* Check for Blob/Buffer existence properly
* Avoid using Buffer and Blob in type declarations
* Remove Buffer support
* Update samples/client/petstore/typescript-fetch/tests/default/test/PetApi.ts
Co-Authored-By: Esteban Marin <estebanmarin@gmx.ch>
* Update samples/client/petstore/typescript-fetch/tests/default/test/PetApi.ts
Co-Authored-By: Esteban Marin <estebanmarin@gmx.ch>
* Support python 3.7 for all server-generators
Signed-off-by: Guillaume Smaha <guillaume.smaha@gmail.com>
* Rename typing_patch.py to typing_utils.py
* Renaming typing_patch.mustache to typing_utils.mustache
* Fix comparison in typing_utils.is_dict for python3.7
* Use golang's provided method names (gin)
This commit modifies the gin template for the router to leverage the http constants for method types as defined by RFC 7231 section 4.3. These are documented on:
https://golang.org/pkg/net/http/#pkg-constants
This removes the need for the `strings` dependency and does not require any new dependencies, as `net/http` is already imported.
* Remove strings dependency which is no longer used
* Update samples
* fix(okhttp-gson): Make example executable
* fix(okhttp-gson): Make example executable
* fix(okhttp-gson): Make example executable
* fix(okhttp-gson): Updating pet project
* fix(okhttp-gson): Updating parcelable project
* fix(okhttp-gson): Using {{{}}}
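
The three behaviours the message describes for a path item such as 'hello?world' (no escaping, escaping at insertion followed by whole-path encoding, and escaping at insertion only) can be compared side by side. This is an added example, not code from the commit or from the generator: `build_path`, `compare`, `STAGES` and the host `api.example.test` are hypothetical, `URI::RFC2396_Parser#escape` stands in for the obsolete `URI.encode`, and `URI.encode_www_form_component` stands in for `CGI.escape`.

```ruby
require 'uri'

# Added example, not the generator's code. All names below are hypothetical.
# Stand-in for the obsolete URI.encode (removed in Ruby 3.0): the RFC 2396 parser.
LEGACY = URI::RFC2396_Parser.new

# Substitute path items into a template such as '/pet/{petId}'.
#   escape_items: percent-encode each item at insertion
#   encode_path:  run the legacy whole-path encoding afterwards
def build_path(template, items, escape_items:, encode_path:)
  path = template.gsub(/\{(\w+)\}/) do
    value = items.fetch(Regexp.last_match(1)).to_s
    escape_items ? URI.encode_www_form_component(value) : value
  end
  encode_path ? LEGACY.escape(path) : path
end

STAGES = {
  before_both: { escape_items: false, encode_path: true  },
  after_3039:  { escape_items: true,  encode_path: true  },
  after_this:  { escape_items: true,  encode_path: false }
}.freeze

# Returns the path and query a server would parse out of the URL at each stage.
def compare(pet_id, base = 'http://api.example.test/v2')
  STAGES.transform_values do |opts|
    url = URI.parse(base + build_path('/pet/{petId}', { 'petId' => pet_id }, **opts))
    { path: url.path, query: url.query }
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs taken from the two cases the message discusses.
  ['hello?world', 'Bobby/Tables'].each do |id|
    compare(id).each { |stage, seen| puts format('%-12s %-12s %p', id, stage, seen) }
  end
end
```

At the `before_both` stage the item's `?` splits the URL into a different path plus a query string, and at `after_3039` the `%` produced by the item escape is encoded a second time.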