/** * Returns the next portion. Any URL-encoding is undone, but we will * HTML encode the < and " marks since they are both * not useful un URL paths in FHIR and potentially represent injection * attacks. * * @see UrlUtil#sanitizeUrlPart(String) * @see UrlUtil#unescape(String) */ public String nextTokenUnescapedAndSanitized() { return UrlUtil.sanitizeUrlPart(UrlUtil.unescape(myTok.nextToken())); }
private static void parseQueryString(String theQueryString, HashMap<String, List<String>> map) { String query = defaultString(theQueryString); if (query.startsWith("?")) { query = query.substring(1); } StringTokenizer tok = new StringTokenizer(query, "&"); while (tok.hasMoreTokens()) { String nextToken = tok.nextToken(); if (isBlank(nextToken)) { continue; } int equalsIndex = nextToken.indexOf('='); String nextValue; String nextKey; if (equalsIndex == -1) { nextKey = nextToken; nextValue = ""; } else { nextKey = nextToken.substring(0, equalsIndex); nextValue = nextToken.substring(equalsIndex + 1); } nextKey = unescape(nextKey); nextValue = unescape(nextValue); List<String> list = map.computeIfAbsent(nextKey, k -> new ArrayList<>()); list.add(nextValue); } }
switch (fhirContextVersion) { case R4: result.setId(new org.hl7.fhir.r4.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId), UrlUtil.unescape(myVersion))); break; case DSTU3: result.setId(new org.hl7.fhir.dstu3.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId), UrlUtil.unescape(myVersion))); break; case DSTU2_1: result.setId(new org.hl7.fhir.dstu2016may.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId), UrlUtil.unescape(myVersion))); break; case DSTU2_HL7ORG: result.setId(new org.hl7.fhir.instance.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId), UrlUtil.unescape(myVersion))); break; case DSTU2: result.setId(new ca.uhn.fhir.model.primitive.IdDt(myServer.getBaseForRequest(), UrlUtil.unescape(myId), UrlUtil.unescape(myVersion))); break; default: switch (fhirContextVersion) { case R4: result.setId(new org.hl7.fhir.r4.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId))); break; case DSTU3: result.setId(new org.hl7.fhir.dstu3.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId))); break; case DSTU2_1: result.setId(new org.hl7.fhir.dstu2016may.model.IdType(myServer.getBaseForRequest(), UrlUtil.unescape(myId))); break; case DSTU2_HL7ORG:
} else { id = myFhirContext.getVersion().newIdType(); id.setParts(null, resourceName, UrlUtil.unescape(nextString), null); throw new InvalidRequestException("Don't know how to handle request path: " + theRequestPath); id.setParts(null, resourceName, id.getIdPart(), UrlUtil.unescape(versionString)); } else { operation = Constants.PARAM_HISTORY;
/** * Returns the next portion. Any URL-encoding is undone, but we will * HTML encode the < and " marks since they are both * not useful un URL paths in FHIR and potentially represent injection * attacks. * * @see UrlUtil#sanitizeUrlPart(String) * @see UrlUtil#unescape(String) */ public String nextTokenUnescapedAndSanitized() { return UrlUtil.sanitizeUrlPart(UrlUtil.unescape(myTok.nextToken())); }
private static void parseQueryString(String theQueryString, HashMap<String, List<String>> map) { String query = defaultString(theQueryString); if (query.startsWith("?")) { query = query.substring(1); } StringTokenizer tok = new StringTokenizer(query, "&"); while (tok.hasMoreTokens()) { String nextToken = tok.nextToken(); if (isBlank(nextToken)) { continue; } int equalsIndex = nextToken.indexOf('='); String nextValue; String nextKey; if (equalsIndex == -1) { nextKey = nextToken; nextValue = ""; } else { nextKey = nextToken.substring(0, equalsIndex); nextValue = nextToken.substring(equalsIndex + 1); } nextKey = unescape(nextKey); nextValue = unescape(nextValue); List<String> list = map.computeIfAbsent(nextKey, k -> new ArrayList<>()); list.add(nextValue); } }
} else { id = getFhirContext().getVersion().newIdType(); id.setParts(null, resourceName, UrlUtil.unescape(nextString), null); throw new InvalidRequestException("Don't know how to handle request path: " + theRequestPath); id.setParts(null, resourceName, id.getIdPart(), UrlUtil.unescape(versionString)); } else { operation = Constants.PARAM_HISTORY;
} else { id = myFhirContext.getVersion().newIdType(); id.setParts(null, resourceName, UrlUtil.unescape(nextString), null); throw new InvalidRequestException("Don't know how to handle request path: " + theRequestPath); id.setParts(null, resourceName, id.getIdPart(), UrlUtil.unescape(versionString)); } else { operation = Constants.PARAM_HISTORY;