summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-12-25 09:57:39 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-12-25 09:57:39 +0000
commit40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc (patch)
treec8e9c5295387c9f1fa11fb1b2e302c8a31fe0037
parentaeb9021852325ef9faf3b1160ce55afa35a90513 (diff)
downloadsamba-40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc.tar.gz
samba-40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc.tar.bz2
samba-40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc.zip
(merge from 3.0)
Fix bug 916 - do not perform a + -> space substitution for squid URL encoded strings, only form input in SWAT. Andrew Bartlett (This used to be commit 794ff4da03a3c5b6afa3ee4802f83f04571a5652)
-rw-r--r--source3/lib/util_str.c5
-rw-r--r--source3/web/cgi.c18
2 files changed, 18 insertions, 5 deletions
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 1aa33a1a4b..fd339370b3 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1780,11 +1780,6 @@ void rfc1738_unescape(char *buf)
{
char *p=buf;
- while ((p=strchr_m(p,'+')))
- *p = ' ';
-
- p = buf;
-
while (p && *p && (p=strchr_m(p,'%'))) {
int c1 = p[1];
int c2 = p[2];
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 07e3ee38fb..8a103fa57f 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -85,6 +85,20 @@ static char *grab_line(FILE *f, int *cl)
return ret;
}
+/**
+ URL encoded strings can have a '+', which should be replaced with a space
+
+ (This was in rfc1738_unescape(), but that broke the squid helper)
+**/
+
+void plus_to_space_unescape(char *buf)
+{
+ char *p=buf;
+
+ while ((p=strchr_m(p,'+')))
+ *p = ' ';
+}
+
/***************************************************************************
load all the variables passed to the CGI program. May have multiple variables
with the same name and the same or different values. Takes a file parameter
@@ -130,7 +144,9 @@ void cgi_load_variables(void)
!variables[num_variables].value)
continue;
+ plus_to_space_unescape(variables[num_variables].value);
rfc1738_unescape(variables[num_variables].value);
+ plus_to_space_unescape(variables[num_variables].name);
rfc1738_unescape(variables[num_variables].name);
#ifdef DEBUG_COMMENTS
@@ -161,7 +177,9 @@ void cgi_load_variables(void)
!variables[num_variables].value)
continue;
+ plus_to_space_unescape(variables[num_variables].value);
rfc1738_unescape(variables[num_variables].value);
+ plus_to_space_unescape(variables[num_variables].name);
rfc1738_unescape(variables[num_variables].name);
#ifdef DEBUG_COMMENTS