From 40c3f98b8ffa9d3ff6f5cac1122eb11001928dcc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 25 Dec 2003 09:57:39 +0000 Subject: (merge from 3.0) Fix bug 916 - do not perform a + -> space substitution for squid URL encoded strings, only form input in SWAT. Andrew Bartlett (This used to be commit 794ff4da03a3c5b6afa3ee4802f83f04571a5652) --- source3/lib/util_str.c | 5 ----- source3/web/cgi.c | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 1aa33a1a4b..fd339370b3 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1780,11 +1780,6 @@ void rfc1738_unescape(char *buf) { char *p=buf; - while ((p=strchr_m(p,'+'))) - *p = ' '; - - p = buf; - while (p && *p && (p=strchr_m(p,'%'))) { int c1 = p[1]; int c2 = p[2]; diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 07e3ee38fb..8a103fa57f 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -85,6 +85,20 @@ static char *grab_line(FILE *f, int *cl) return ret; } +/** + URL encoded strings can have a '+', which should be replaced with a space + + (This was in rfc1738_unescape(), but that broke the squid helper) +**/ + +void plus_to_space_unescape(char *buf) +{ + char *p=buf; + + while ((p=strchr_m(p,'+'))) + *p = ' '; +} + /*************************************************************************** load all the variables passed to the CGI program. May have multiple variables with the same name and the same or different values. Takes a file parameter @@ -130,7 +144,9 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; + plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); + plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS @@ -161,7 +177,9 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; + plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); + plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS -- cgit