3 files changed, 22 insertions, 36 deletions

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 2eb6e05c..67f26bc3 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -3300,8 +3300,8 @@ MHD_set_panic_func (MHD_PanicCallback cb, void *cls);
 
 /**
  * Process escape sequences ('%HH') Updates val in place; the
- * result should be UTF-8 encoded and cannot be larger than the input.
- * The result must also still be 0-terminated.
+ * result cannot be larger than the input.
+ * The result is still be 0-terminated.
  *
  * @param val value to unescape (modified in the process)
  * @return length of the resulting val (`strlen(val)` may be
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 8ba1baba..251e563e 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -45,6 +45,7 @@
 #include "mhd_compat.h"
 #include "mhd_send.h"
 #include "mhd_align.h"
+#include "mhd_str.h"
 
 #ifdef HAVE_SEARCH_H
 #include <search.h>
@@ -5672,7 +5673,7 @@ MHD_polling_thread (void *cls)
 
 /**
  * Process escape sequences ('%HH') Updates val in place; the
- * result should be UTF-8 encoded and cannot be larger than the input.
+ * result cannot be larger than the input.
  * The result must also still be 0-terminated.
  *
  * @param cls closure (use NULL)
@@ -5686,10 +5687,23 @@ unescape_wrapper (void *cls,
                   struct MHD_Connection *connection,
                   char *val)
 {
+  bool broken;
+  size_t res;
   (void) cls; /* Mute compiler warning. */
 
-  (void) connection; /* Mute compiler warning. */
-  return MHD_http_unescape (val);
+  /* TODO: add individual parameter */
+  if (1 <= connection->daemon->strict_for_client)
+    return MHD_str_pct_decode_in_place_strict_ (val);
+
+  res = MHD_str_pct_decode_in_place_lenient_ (val, &broken);
+#ifdef HAVE_MESSAGES
+  if (broken)
+  {
+    MHD_DLOG (connection->daemon,
+              _ ("The URL encoding is broken.\n"));
+  }
+#endif /* HAVE_MESSAGES */
+  return res;
 }
 
 
diff --git a/src/microhttpd/internal.c b/src/microhttpd/internal.c
index e9e92414..57553251 100644
--- a/src/microhttpd/internal.c
+++ b/src/microhttpd/internal.c
@@ -135,8 +135,8 @@ MHD_unescape_plus (char *arg)
 
 /**
  * Process escape sequences ('%HH') Updates val in place; the
- * result should be UTF-8 encoded and cannot be larger than the input.
- * The result must also still be 0-terminated.
+ * result cannot be larger than the input.
+ * The result is still be 0-terminated.
  *
  * @param val value to unescape (modified in the process)
  * @return length of the resulting val (`strlen(val)` may be
@@ -145,35 +145,7 @@ MHD_unescape_plus (char *arg)
 _MHD_EXTERN size_t
 MHD_http_unescape (char *val)
 {
-  char *rpos = val;
-  char *wpos = val;
-
-  while ('\0' != *rpos)
-  {
-    uint32_t num;
-    switch (*rpos)
-    {
-    case '%':
-      if (2 == MHD_strx_to_uint32_n_ (rpos + 1,
-                                      2,
-                                      &num))
-      {
-        *wpos = (char) ((unsigned char) num);
-        wpos++;
-        rpos += 3;
-        break;
-      }
-    /* TODO: add bad sequence handling */
-    /* intentional fall through! */
-    default:
-      *wpos = *rpos;
-      wpos++;
-      rpos++;
-    }
-  }
-  *wpos = '\0'; /* add 0-terminator */
-  mhd_assert (wpos >= val);
-  return (size_t) (wpos - val);
+  return MHD_str_pct_decode_in_place_lenient_ (val, NULL);
 }