Accept array-style keys in from_query_string#577
Open
gaoflow wants to merge 1 commit into
Open
Conversation
from_query_string raised ValueError on valid query strings with array-style keys such as a[]=1&a[]=2 or user[name]=joe. The format gate used a hardcoded character whitelist that omitted [ and ], so any bracketed key was rejected before parse_qs was called. Replace the whitelist with a structural check (each &-segment is key=value with a non-empty key and no raw whitespace), which accepts bracketed/array keys while still rejecting TOML/YAML/JSON/XML and plain text. Adds tests for array-style and bracketed keys.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
from_query_stringrejects valid query strings that use array-style keys, whichurllib.parse.parse_qsparses without complaint:The
decodegate inQueryStringSerializerused a hardcoded character whitelist ([\w\-\%\+\.\|]) for keys and values, which omits[and](and other valid characters), so any bracketed/array key fails the gate beforeparse_qsis ever called. Array-style keys are common (PHP and HTML-form syntax).Fix
Replace the opaque whitelist with a structural check: split on
&and require every segment to bekey=valuewhere the key is non-empty and neither side contains raw whitespace,=(key) or&. This accepts bracketed/array keys while still rejecting the other formats benedict's autodetect must distinguish (verified against the repo's own fixtures: TOML, YAML, JSON, XML, plain text and URLs are still rejected).Tests
Added cases for array-style (
a[]=1&a[]=2) and bracketed (user[name]=joe&user[age]=42) keys via bothIODict.from_query_stringandIODict(s, format="query_string"). Without the fix they raiseValueError; with it the query-string tests pass and the broader IO/serializer suite is green (279 passed locally).ruff check/formatclean.Disclosure: I used AI assistance (Claude) to help locate and draft this fix, under my direction and review.