diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-01-01 15:28:43 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-01-26 00:41:05 -0500 |
commit | 9cdfb4846653253f2c11dd74964eb4a9bc006a2c (patch) | |
tree | 08a7c88c45462624f96a42ca459b1444bda6d815 /src/burl.c | |
parent | aaccb1bc5e85c3f9bb4e1f0891002703699f8854 (diff) | |
download | lighttpd-git-9cdfb4846653253f2c11dd74964eb4a9bc006a2c.tar.gz |
[core] preserve %2b and %2B in query string (fixes #2999)
normalize %2b or %2B in query string to %2B (uppercase hex),
and not to '+'
(thx int-e)
x-ref:
"url-normalize-required expands %2B in query strings"
https://redmine.lighttpd.net/issues/2999
Diffstat (limited to 'src/burl.c')
-rw-r--r-- | src/burl.c | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -139,7 +139,9 @@ static int burl_normalize_basic_required_fix (buffer *b, buffer *t, int i, int q else if (s[i]=='%' && li_cton(s[i+1], n1) && li_cton(s[i+2], n2)) { const unsigned int x = (n1 << 4) | n2; if (!encoded_chars_http_uri_reqd[x] - && (qs < 0 ? (x!='/'&&x!='?') : (x!='&'&&x!='='&&x!=';'))) { + && (qs < 0 + ? (x != '/' && x != '?') + : (x != '&' && x != '=' && x != ';' && x != '+'))) { p[j] = x; } else { @@ -177,7 +179,9 @@ static int burl_normalize_basic_required (buffer *b, buffer *t) } else if (s[i]=='%' && li_cton(s[i+1], n1) && li_cton(s[i+2], n2) && (encoded_chars_http_uri_reqd[(x = (n1 << 4) | n2)] - ||(qs < 0 ? (x=='/'||x=='?') : (x=='&'||x=='='||x==';')))){ + || (qs < 0 + ? (x == '/' || x == '?') + : (x == '&' || x == '=' || x == ';' || x == '+')))) { if (li_utf8_invalid_byte(x)) qs = -2; if (s[i+1] >= 'a') b->ptr[i+1] &= 0xdf; /* uppercase hex */ if (s[i+2] >= 'a') b->ptr[i+2] &= 0xdf; /* uppercase hex */ |