Updated param parsing to cope with bad input. Fixes weavejester#16.

Author: weavejester

src/compojure/http/request.clj

@@ -22,10 +22,11 @@
   [param-string separator]
   (reduce
     (fn [param-map s]
-      (let [[key val] (re-split #"=" s)]
+      (if-let [[_ key val] (re-matches #"([^=]+)=(.*)" s)]
         (assoc-vec param-map
           (keyword (urldecode key))
-          (urldecode (or val "")))))
+          (urldecode (or val "")))
+        param-map))
     {}
     (remove blank?
       (re-split separator param-string))))

test/compojure/http/request.clj

@@ -16,6 +16,13 @@
   (is (= (parse-query-params {:query-string "a=1%202"})
          {:a "1 2"})))
 
+(deftest query-params-invalid
+  (are (= (parse-query-params {:query-string _1}) _2)
+    ""      {}
+    "="     {}
+    "=1"    {}
+    "a=1&=" {:a "1"}))
+
 (deftest urlencoded-charset
   (is (urlencoded-form?
         {:content-type "application/x-www-form-urlencoded; charset=UTF8"})))