From 3732e26a563ab3f6bb51eff68e9017b7502218c0 Mon Sep 17 00:00:00 2001 From: Cameron Lau Date: Mon, 25 Jul 2022 09:53:20 -0700 Subject: [PATCH 1/4] Changed URI.escape to CGI.escape (#19) * Changed URI.escape to CGI.escape * Added test case for CGI.escape unsafe chars * Edit CHANGELOG.md * Edit VERSION.rb * Change version to 2.0.0 Co-authored-by: camlau-pp-dev --- CHANGELOG.md | 3 +++ lib/paypalhttp/serializers/form_encoded.rb | 4 ++-- lib/paypalhttp/version.rb | 2 +- spec/paypalhttp/encoder_spec.rb | 19 ++++++++++++++++++- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f5e48fd..19151ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 2.0.0 +* Change URI.escape to CGI.escape which changes form encoding for spaces from "%20" to "+". + ## 1.0.1 * Fix Case Sensitivity of Content Type for deserialization process diff --git a/lib/paypalhttp/serializers/form_encoded.rb b/lib/paypalhttp/serializers/form_encoded.rb index ca01950..6e0db6e 100644 --- a/lib/paypalhttp/serializers/form_encoded.rb +++ b/lib/paypalhttp/serializers/form_encoded.rb @@ -1,11 +1,11 @@ -require 'uri' +require 'cgi' module PayPalHttp class FormEncoded def encode(request) encoded_params = [] request.body.each do |k, v| - encoded_params.push("#{URI.escape(k.to_s)}=#{URI.escape(v.to_s)}") + encoded_params.push("#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}") end encoded_params.join("&") diff --git a/lib/paypalhttp/version.rb b/lib/paypalhttp/version.rb index 50b5ea9..2101409 100644 --- a/lib/paypalhttp/version.rb +++ b/lib/paypalhttp/version.rb @@ -1 +1 @@ -VERSION = "1.0.1" +VERSION = "2.0.0" diff --git a/spec/paypalhttp/encoder_spec.rb b/spec/paypalhttp/encoder_spec.rb index ba60bd4..281da95 100644 --- a/spec/paypalhttp/encoder_spec.rb +++ b/spec/paypalhttp/encoder_spec.rb @@ -105,7 +105,24 @@ }) serialized = Encoder.new.serialize_request(req) - expect(serialized).to eq("key=value%20with%20a%20space&another_key=1013") + expect(serialized).to eq("key=value+with+a+space&another_key=1013") + end + + it 'encodes different special/unsafe characters when using CGI.escape' do + req = OpenStruct.new({ + :verb => "POST", + :path => "/v1/api", + :headers => { + "content-type" => "application/x-www-form-urlencoded; charset=utf8" + }, + :body => { + :key => " ..<..>..%..{..}..|../..^..`..!", + :another_key => 1013, + } + }) + serialized = Encoder.new.serialize_request(req) + + expect(serialized).to eq("key=+..%3C..%3E..%25..%7B..%7D..%7C..%2F..%5E..%60..%21&another_key=1013") end it 'throws when content-type is unsupported' do From 49dbd7f5eddc0ba7cd9527c60260e827b8b84177 Mon Sep 17 00:00:00 2001 From: Joseph Schito Date: Mon, 25 Jul 2022 22:35:00 +0200 Subject: [PATCH 2/4] Fix `PaypasHttp` typo in README.md (#21) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a5d9ba0..1452360 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## Paypal HttpClient -PaypasHttp is a generic HTTP Client. +PaypalHttp is a generic HTTP Client. In it's simplest form, an [`HttpClient`](./lib/paypalhttp/http_client.rb) exposes an `#execute` method which takes an HTTP request, executes it against the domain described in an `Environment`, and returns an HTTP response. From de3c7b68641e2404415a01e5551f7aa05c0b1537 Mon Sep 17 00:00:00 2001 From: camlau-pp-dev <107945402+camlau-pp-dev@users.noreply.github.com> Date: Wed, 27 Jul 2022 09:42:42 -0700 Subject: [PATCH 3/4] Fix/CGI.escape Function Issue (#23) * Changed URI.escape to CGI.escape * Added test case for CGI.escape unsafe chars * Edit CHANGELOG.md * Edit VERSION.rb * Change version to 2.0.0 * Resolve issue regarding certain special char encoding * Update Unit Tests * Resolve PR Comments - Unit Test * Update CHANGELOG.md * Update CHANGELOG.md & version.rb, Preparation for release * Edit form_encoded to not create a new parser each time * Resolve PR Comments - Remove typo, also verified tests Co-authored-by: cameronlxu --- CHANGELOG.md | 3 +++ lib/paypalhttp/serializers/form_encoded.rb | 8 ++++++-- lib/paypalhttp/version.rb | 2 +- spec/paypalhttp/encoder_spec.rb | 24 ++++++++++++++++++---- 4 files changed, 30 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19151ff..acc4aaf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 2.0.1 +* Fix form encoded by replacing CGI.escape with URI parser. + ## 2.0.0 * Change URI.escape to CGI.escape which changes form encoding for spaces from "%20" to "+". diff --git a/lib/paypalhttp/serializers/form_encoded.rb b/lib/paypalhttp/serializers/form_encoded.rb index 6e0db6e..e602430 100644 --- a/lib/paypalhttp/serializers/form_encoded.rb +++ b/lib/paypalhttp/serializers/form_encoded.rb @@ -1,11 +1,15 @@ -require 'cgi' +require 'uri' module PayPalHttp class FormEncoded + def initialize + @parser = URI::Parser.new() + end + def encode(request) encoded_params = [] request.body.each do |k, v| - encoded_params.push("#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}") + encoded_params.push("#{@parser.escape(k.to_s)}=#{@parser.escape(v.to_s)}") end encoded_params.join("&") diff --git a/lib/paypalhttp/version.rb b/lib/paypalhttp/version.rb index 2101409..b46c2e7 100644 --- a/lib/paypalhttp/version.rb +++ b/lib/paypalhttp/version.rb @@ -1 +1 @@ -VERSION = "2.0.0" +VERSION = "2.0.1" diff --git a/spec/paypalhttp/encoder_spec.rb b/spec/paypalhttp/encoder_spec.rb index 281da95..9211f4e 100644 --- a/spec/paypalhttp/encoder_spec.rb +++ b/spec/paypalhttp/encoder_spec.rb @@ -105,10 +105,10 @@ }) serialized = Encoder.new.serialize_request(req) - expect(serialized).to eq("key=value+with+a+space&another_key=1013") + expect(serialized).to eq("key=value%20with%20a%20space&another_key=1013") end - it 'encodes different special/unsafe characters when using CGI.escape' do + it 'encodes different special/unsafe characters when using a URI parser' do req = OpenStruct.new({ :verb => "POST", :path => "/v1/api", @@ -116,13 +116,29 @@ "content-type" => "application/x-www-form-urlencoded; charset=utf8" }, :body => { - :key => " ..<..>..%..{..}..|../..^..`..!", + :key => " ..<..>..%..{..}..|..^..`..!", :another_key => 1013, } }) serialized = Encoder.new.serialize_request(req) - expect(serialized).to eq("key=+..%3C..%3E..%25..%7B..%7D..%7C..%2F..%5E..%60..%21&another_key=1013") + expect(serialized).to eq("key=%20..%3C..%3E..%25..%7B..%7D..%7C..%5E..%60..!&another_key=1013") + end + + it 'does not encode links given certain special characters' do + req = OpenStruct.new({ + :verb => "POST", + :path => "/v1/api", + :headers => { + "content-type" => "application/x-www-form-urlencoded; charset=utf8" + }, + :body => { + :key => "https://localhost:3001/" + } + }) + serialized = Encoder.new.serialize_request(req) + + expect(serialized).to eq("key=https://localhost:3001/") end it 'throws when content-type is unsupported' do From f8d29e45d6c97f06b2f2fade8baf40f92a773931 Mon Sep 17 00:00:00 2001 From: Dani Kirby <58542682+DPoplin@users.noreply.github.com> Date: Thu, 29 May 2025 12:46:35 -0500 Subject: [PATCH 4/4] add deprecation notice (#28) --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1452360..653b32c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +# Deprecation Notice: +This SDK is deprecated; you can continue to use it, but no new features or support requests will be accepted. An integration with [the new Server SDK](https://github.com/paypal/PayPal-Server-SDKs) is recommended. Review the [docs](https://developer.paypal.com/serversdk/http/getting-started/how-to-get-started/) for details. + ## Paypal HttpClient PaypalHttp is a generic HTTP Client.