You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Hyukjin Kwon (JIRA)" <ji...@apache.org> on 2019/05/21 04:25:29 UTC

[jira] [Updated] (SPARK-14443) parse_url() does not escape query parameters

     [ https://issues.apache.org/jira/browse/SPARK-14443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hyukjin Kwon updated SPARK-14443:
---------------------------------
    Labels: bulk-closed functions sql  (was: functions sql)

> parse_url() does not escape query parameters
> --------------------------------------------
>
>                 Key: SPARK-14443
>                 URL: https://issues.apache.org/jira/browse/SPARK-14443
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 1.6.0
>         Environment: Databricks
>            Reporter: Simeon Simeonov
>            Priority: Major
>              Labels: bulk-closed, functions, sql
>
> To reproduce, run the following SparkSQL statement:
> {code}
> select parse_url('http://1168.xg4ken.com/media/redir.php?prof=457&camp=67116&affcode=kw54&k_inner_url_encoded=1&cid=adwords&kdv=Desktop&url[]=http%3A%2F%2Fwww.landroverusa.com%2Fvehicles%2Frange-rover-sport-off-road-suv%2Findex.html%3Futm_content%3Dcontent%26utm_source%fb%26utm_medium%3Dcpc%26utm_term%3DAdwords_Brand_Range_Rover_Sport%26utm_campaign%3DFB_Land_Rover_Brand', 'QUERY', 'url[]')
> {code}
> The exception is ultimately caused by
> {code}
> java.util.regex.PatternSyntaxException: Unclosed character class near index 17
> (&|^)url[]=([^&]*)
>                  ^
> {code}
> Looks like the code is building a regex internally without escaping the passed in query parameter name.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org