diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-12-25 09:37:41 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-12-25 09:37:41 +0000 |
commit | 3b386064911dce7c02e40b5cc7a971f2d4b28185 (patch) | |
tree | 2389606b043feaeb633849a7cef985063e4e92a6 /source3/web | |
parent | 2e9deb12bfe10bfb12cc00820ce9f92af9bbd8de (diff) | |
download | samba-3b386064911dce7c02e40b5cc7a971f2d4b28185.tar.gz samba-3b386064911dce7c02e40b5cc7a971f2d4b28185.tar.bz2 samba-3b386064911dce7c02e40b5cc7a971f2d4b28185.zip |
Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
strings, only form input in SWAT.
Andrew Bartlett
(This used to be commit 8d54f5fe0c5689660f37788916b37014754ce23e)
Diffstat (limited to 'source3/web')
-rw-r--r-- | source3/web/cgi.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 07e3ee38fb..8a103fa57f 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -85,6 +85,20 @@ static char *grab_line(FILE *f, int *cl) return ret; } +/** + URL encoded strings can have a '+', which should be replaced with a space + + (This was in rfc1738_unescape(), but that broke the squid helper) +**/ + +void plus_to_space_unescape(char *buf) +{ + char *p=buf; + + while ((p=strchr_m(p,'+'))) + *p = ' '; +} + /*************************************************************************** load all the variables passed to the CGI program. May have multiple variables with the same name and the same or different values. Takes a file parameter @@ -130,7 +144,9 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; + plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); + plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS @@ -161,7 +177,9 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; + plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); + plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS |