From 40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 25 Dec 2003 09:57:39 +0000
Subject: (merge from 3.0)

Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
strings, only form input in SWAT.

Andrew Bartlett
(This used to be commit 794ff4da03a3c5b6afa3ee4802f83f04571a5652)
---
 source3/lib/util_str.c |  5 -----
 source3/web/cgi.c      | 18 ++++++++++++++++++
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 1aa33a1a4b..fd339370b3 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1780,11 +1780,6 @@ void rfc1738_unescape(char *buf)
 {
 	char *p=buf;
 
-	while ((p=strchr_m(p,'+')))
-		*p = ' ';
-
-	p = buf;
-
 	while (p && *p && (p=strchr_m(p,'%'))) {
 		int c1 = p[1];
 		int c2 = p[2];
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 07e3ee38fb..8a103fa57f 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -85,6 +85,20 @@ static char *grab_line(FILE *f, int *cl)
 	return ret;
 }
 
+/**
+ URL encoded strings can have a '+', which should be replaced with a space
+
+ (This was in rfc1738_unescape(), but that broke the squid helper)
+**/
+
+void plus_to_space_unescape(char *buf)
+{
+	char *p=buf;
+
+	while ((p=strchr_m(p,'+')))
+		*p = ' ';
+}
+
 /***************************************************************************
   load all the variables passed to the CGI program. May have multiple variables
   with the same name and the same or different values. Takes a file parameter
@@ -130,7 +144,9 @@ void cgi_load_variables(void)
 			    !variables[num_variables].value)
 				continue;
 
+			plus_to_space_unescape(variables[num_variables].value);
 			rfc1738_unescape(variables[num_variables].value);
+			plus_to_space_unescape(variables[num_variables].name);
 			rfc1738_unescape(variables[num_variables].name);
 
 #ifdef DEBUG_COMMENTS
@@ -161,7 +177,9 @@ void cgi_load_variables(void)
 			    !variables[num_variables].value)
 				continue;
 
+			plus_to_space_unescape(variables[num_variables].value);
 			rfc1738_unescape(variables[num_variables].value);
+			plus_to_space_unescape(variables[num_variables].name);
 			rfc1738_unescape(variables[num_variables].name);
 
 #ifdef DEBUG_COMMENTS
-- 
cgit