From ba5cbb6d828165a43826c6afdd71fa2edbdca302 Mon Sep 17 00:00:00 2001
From: Nicolai Dagestad
Date: Sun, 15 Sep 2024 15:03:21 +0200
Subject: URL decode data after splitting the arguments

Data decoding should happen after the parsing if not, a '?', '&', '#'
or other character decoded will interfere with the parsing. e.g. the
users password contains a '&', then it is truncated on that character,
and login will fail.
---
 xs_httpd.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'xs_httpd.h')

diff --git a/xs_httpd.h b/xs_httpd.h
index 1782487..02b8ac2 100644
--- a/xs_httpd.h
+++ b/xs_httpd.h
@@ -36,7 +36,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
 
     {
         /* split the path with its optional variables */
-        xs *udp = xs_url_dec(xs_list_get(l2, 1));
+        const xs_val *udp = xs_list_get(l2, 1);
         xs *pnv = xs_split_n(udp, "?", 1);
 
         /* store the path */
@@ -75,8 +75,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
     v = xs_dict_get(req, "content-type");
 
     if (*payload && v && strcmp(v, "application/x-www-form-urlencoded") == 0) {
-        xs *upl = xs_url_dec(*payload);
-        p_vars  = xs_url_vars(upl);
+        p_vars  = xs_url_vars(*payload);
     }
     else
     if (*payload && v && xs_startswith(v, "multipart/form-data")) {
-- 
cgit v1.2.3