diff options
| author | David Kalnischkies <kalnischkies@gmail.com> | 2010-03-31 17:19:10 +0200 |
|---|---|---|
| committer | David Kalnischkies <kalnischkies@gmail.com> | 2010-03-31 17:19:10 +0200 |
| commit | 436d7eab92bb8f9cc6498acfbf2055e717be6fd0 (patch) | |
| tree | b20637bf103d7defe34013f4e2b475aeaa7fe53b /apt-pkg/contrib/strutl.cc | |
| parent | e84adb76c87f419ed5bad8f7d08a4132de2bc406 (diff) | |
Userinfo is urlencoded in URIs (RFC 3986)
Thanks to Jean-Baptiste Lallement for spotting and fixing it!
* apt-pkg/contrib/strutl.cc:
- always escape '%' (LP: #130289) (Closes: #500560)
- unescape '%' sequence only if followed by 2 hex digit
- username/password are urlencoded in proxy string (RFC 3986)
Diffstat (limited to 'apt-pkg/contrib/strutl.cc')
| -rw-r--r-- | apt-pkg/contrib/strutl.cc | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc index 7eb986ac0..c7d63ce8a 100644 --- a/apt-pkg/contrib/strutl.cc +++ b/apt-pkg/contrib/strutl.cc @@ -198,7 +198,8 @@ bool ParseQuoteWord(const char *&String,string &Res) char *I; for (I = Buffer; I < Buffer + sizeof(Buffer) && Start != C; I++) { - if (*Start == '%' && Start + 2 < C) + if (*Start == '%' && Start + 2 < C && + isxdigit(Start[1]) && isxdigit(Start[2])) { Tmp[0] = Start[1]; Tmp[1] = Start[2]; @@ -273,7 +274,8 @@ string QuoteString(const string &Str, const char *Bad) for (string::const_iterator I = Str.begin(); I != Str.end(); I++) { if (strchr(Bad,*I) != 0 || isprint(*I) == 0 || - *I <= 0x20 || *I >= 0x7F) + *I == 0x25 || // percent '%' char + *I <= 0x20 || *I >= 0x7F) // control chars { char Buf[10]; sprintf(Buf,"%%%02x",(int)*I); @@ -290,10 +292,16 @@ string QuoteString(const string &Str, const char *Bad) /* This undoes QuoteString */ string DeQuoteString(const string &Str) { + return DeQuoteString(Str.begin(),Str.end()); +} +string DeQuoteString(string::const_iterator const &begin, + string::const_iterator const &end) +{ string Res; - for (string::const_iterator I = Str.begin(); I != Str.end(); I++) + for (string::const_iterator I = begin; I != end; I++) { - if (*I == '%' && I + 2 < Str.end()) + if (*I == '%' && I + 2 < end && + isxdigit(I[1]) && isxdigit(I[2])) { char Tmp[3]; Tmp[0] = I[1]; @@ -1238,9 +1246,10 @@ void URI::CopyFrom(const string &U) else { Host.assign(At+1,SingleSlash); - User.assign(FirstColon,SecondColon); + // username and password must be encoded (RFC 3986) + User.assign(DeQuoteString(FirstColon,SecondColon)); if (SecondColon < At) - Password.assign(SecondColon+1,At); + Password.assign(DeQuoteString(SecondColon+1,At)); } // Now we parse the RFC 2732 [] hostnames. |