summaryrefslogtreecommitdiff
path: root/xs_httpd.h
diff options
context:
space:
mode:
authorGravatar Nicolai Dagestad2024-09-15 15:03:21 +0200
committerGravatar Nicolai Dagestad2024-09-15 18:39:49 +0200
commitba5cbb6d828165a43826c6afdd71fa2edbdca302 (patch)
tree87290e2f2a97433c35f0ce86cd14cabe9703dd2c /xs_httpd.h
parentMinor code cleaning. (diff)
downloadpenes-snac2-ba5cbb6d828165a43826c6afdd71fa2edbdca302.tar.gz
penes-snac2-ba5cbb6d828165a43826c6afdd71fa2edbdca302.tar.xz
penes-snac2-ba5cbb6d828165a43826c6afdd71fa2edbdca302.zip
URL decode data after splitting the arguments
Data decoding should happen after the parsing if not, a '?', '&', '#' or other character decoded will interfere with the parsing. e.g. the users password contains a '&', then it is truncated on that character, and login will fail.
Diffstat (limited to '')
-rw-r--r--xs_httpd.h5
1 files changed, 2 insertions, 3 deletions
diff --git a/xs_httpd.h b/xs_httpd.h
index 1782487..02b8ac2 100644
--- a/xs_httpd.h
+++ b/xs_httpd.h
@@ -36,7 +36,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
36 36
37 { 37 {
38 /* split the path with its optional variables */ 38 /* split the path with its optional variables */
39 xs *udp = xs_url_dec(xs_list_get(l2, 1)); 39 const xs_val *udp = xs_list_get(l2, 1);
40 xs *pnv = xs_split_n(udp, "?", 1); 40 xs *pnv = xs_split_n(udp, "?", 1);
41 41
42 /* store the path */ 42 /* store the path */
@@ -75,8 +75,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
75 v = xs_dict_get(req, "content-type"); 75 v = xs_dict_get(req, "content-type");
76 76
77 if (*payload && v && strcmp(v, "application/x-www-form-urlencoded") == 0) { 77 if (*payload && v && strcmp(v, "application/x-www-form-urlencoded") == 0) {
78 xs *upl = xs_url_dec(*payload); 78 p_vars = xs_url_vars(*payload);
79 p_vars = xs_url_vars(upl);
80 } 79 }
81 else 80 else
82 if (*payload && v && xs_startswith(v, "multipart/form-data")) { 81 if (*payload && v && xs_startswith(v, "multipart/form-data")) {
HIC SVNT DRACONES