diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-12-25 09:57:39 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-12-25 09:57:39 +0000 |
commit | 40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc (patch) | |
tree | c8e9c5295387c9f1fa11fb1b2e302c8a31fe0037 | |
parent | aeb9021852325ef9faf3b1160ce55afa35a90513 (diff) | |
download | samba-40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc.tar.gz samba-40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc.tar.bz2 samba-40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc.zip |
(merge from 3.0)
Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
strings, only form input in SWAT.
Andrew Bartlett
(This used to be commit 794ff4da03a3c5b6afa3ee4802f83f04571a5652)
-rw-r--r-- | source3/lib/util_str.c | 5 | ||||
-rw-r--r-- | source3/web/cgi.c | 18 |
2 files changed, 18 insertions, 5 deletions
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 1aa33a1a4b..fd339370b3 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1780,11 +1780,6 @@ void rfc1738_unescape(char *buf) { char *p=buf; - while ((p=strchr_m(p,'+'))) - *p = ' '; - - p = buf; - while (p && *p && (p=strchr_m(p,'%'))) { int c1 = p[1]; int c2 = p[2]; diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 07e3ee38fb..8a103fa57f 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -85,6 +85,20 @@ static char *grab_line(FILE *f, int *cl) return ret; } +/** + URL encoded strings can have a '+', which should be replaced with a space + + (This was in rfc1738_unescape(), but that broke the squid helper) +**/ + +void plus_to_space_unescape(char *buf) +{ + char *p=buf; + + while ((p=strchr_m(p,'+'))) + *p = ' '; +} + /*************************************************************************** load all the variables passed to the CGI program. May have multiple variables with the same name and the same or different values. Takes a file parameter @@ -130,7 +144,9 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; + plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); + plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS @@ -161,7 +177,9 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; + plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); + plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS |