commit 93a449edfbfe0f4e0f0608791a8b54882dab76bf
parent 57f57e8bfebab50dfde510523f09885d43aae369
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Mon, 20 Jun 2022 18:29:48 +0300
Use new functions for decode request URLs
Diffstat:
3 files changed, 22 insertions(+), 36 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -3300,8 +3300,8 @@ MHD_set_panic_func (MHD_PanicCallback cb, void *cls);
/**
* Process escape sequences ('%HH') Updates val in place; the
- * result should be UTF-8 encoded and cannot be larger than the input.
- * The result must also still be 0-terminated.
+ * result cannot be larger than the input.
+ * The result is still be 0-terminated.
*
* @param val value to unescape (modified in the process)
* @return length of the resulting val (`strlen(val)` may be
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
@@ -45,6 +45,7 @@
#include "mhd_compat.h"
#include "mhd_send.h"
#include "mhd_align.h"
+#include "mhd_str.h"
#ifdef HAVE_SEARCH_H
#include <search.h>
@@ -5672,7 +5673,7 @@ MHD_polling_thread (void *cls)
/**
* Process escape sequences ('%HH') Updates val in place; the
- * result should be UTF-8 encoded and cannot be larger than the input.
+ * result cannot be larger than the input.
* The result must also still be 0-terminated.
*
* @param cls closure (use NULL)
@@ -5686,10 +5687,23 @@ unescape_wrapper (void *cls,
struct MHD_Connection *connection,
char *val)
{
+ bool broken;
+ size_t res;
(void) cls; /* Mute compiler warning. */
- (void) connection; /* Mute compiler warning. */
- return MHD_http_unescape (val);
+ /* TODO: add individual parameter */
+ if (1 <= connection->daemon->strict_for_client)
+ return MHD_str_pct_decode_in_place_strict_ (val);
+
+ res = MHD_str_pct_decode_in_place_lenient_ (val, &broken);
+#ifdef HAVE_MESSAGES
+ if (broken)
+ {
+ MHD_DLOG (connection->daemon,
+ _ ("The URL encoding is broken.\n"));
+ }
+#endif /* HAVE_MESSAGES */
+ return res;
}
diff --git a/src/microhttpd/internal.c b/src/microhttpd/internal.c
@@ -135,8 +135,8 @@ MHD_unescape_plus (char *arg)
/**
* Process escape sequences ('%HH') Updates val in place; the
- * result should be UTF-8 encoded and cannot be larger than the input.
- * The result must also still be 0-terminated.
+ * result cannot be larger than the input.
+ * The result is still be 0-terminated.
*
* @param val value to unescape (modified in the process)
* @return length of the resulting val (`strlen(val)` may be
@@ -145,35 +145,7 @@ MHD_unescape_plus (char *arg)
_MHD_EXTERN size_t
MHD_http_unescape (char *val)
{
- char *rpos = val;
- char *wpos = val;
-
- while ('\0' != *rpos)
- {
- uint32_t num;
- switch (*rpos)
- {
- case '%':
- if (2 == MHD_strx_to_uint32_n_ (rpos + 1,
- 2,
- &num))
- {
- *wpos = (char) ((unsigned char) num);
- wpos++;
- rpos += 3;
- break;
- }
- /* TODO: add bad sequence handling */
- /* intentional fall through! */
- default:
- *wpos = *rpos;
- wpos++;
- rpos++;
- }
- }
- *wpos = '\0'; /* add 0-terminator */
- mhd_assert (wpos >= val);
- return (size_t) (wpos - val);
+ return MHD_str_pct_decode_in_place_lenient_ (val, NULL);
}
