diff --git a/src/lib/rest/rest.cpp b/src/lib/rest/rest.cpp index 8e5358fae7..2ac96d6d71 100644 --- a/src/lib/rest/rest.cpp +++ b/src/lib/rest/rest.cpp @@ -111,7 +111,7 @@ static int uriArgumentGet(void* cbDataP, MHD_ValueKind kind, const char* ckey, c if (val == NULL || *val == 0) { - std::string errorString = std::string("Empty right-hand-side for URI param /") + ckey + "/"; + std::string errorString = std::string("Empty right-hand-side for URI param /") + jsonInvalidCharsTransformation(ckey) + "/"; if (ciP->apiVersion == V2) { diff --git a/test/functionalTest/cases/2955_quote_in_url_not_escaped/quote_in_url_not_escaped.test b/test/functionalTest/cases/2955_quote_in_url_not_escaped/quote_in_url_not_escaped.test new file mode 100644 index 0000000000..4fb4889785 --- /dev/null +++ b/test/functionalTest/cases/2955_quote_in_url_not_escaped/quote_in_url_not_escaped.test @@ -0,0 +1,53 @@ +# Copyright 2013 Telefonica Investigacion y Desarrollo, S.A.U +# +# This file is part of Orion Context Broker. +# +# Orion Context Broker is free software: you can redistribute it and/or +# modify it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# Orion Context Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero +# General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Orion Context Broker. If not, see http://www.gnu.org/licenses/. +# +# For those usages not covered by this license please contact with +# iot_support at tid dot es + +# VALGRIND_READY - to mark the test ready for valgrindTestSuite.sh + +--NAME-- +Quote in URL not escaped + +--SHELL-INIT-- +dbInit CB +brokerStart CB + +--SHELL-- + +echo "0: ++++++++++++++++++++" +orionCurl --url '/v2/entities?foo\"' +echo +echo + +--REGEXPECT-- +0: ++++++++++++++++++++ +HTTP/1.1 400 Bad Request +Content-Length: 82 +Content-Type: application/json +Fiware-Correlator: REGEX([0-9a-f\-]{36}) +Date: REGEX(.*) + +{ + "description": "Empty right-hand-side for URI param /foo\"/", + "error": "BadRequest" +} + + +--TEARDOWN-- +brokerStop CB +dbDrop CB