Author: Lars Hjemli <larsh@hal-2004.(none)>
Handle %xx encoding in querystring Convert valid %xx expressions in querystring to ascii, ignore invalid expressions (i.e. eat the three characters %xx). Signed-off-by: Lars Hjemli <larsh@hal-2004.(none)>
cgit.h | 2 ++ parsing.c | 21 +++++++++++++++++++++ shared.c | 13 +++++++++++++
diff --git a/cgit.h b/cgit.h index 249650e087a91c4cc8d1f8a9452b10bcebfcbb21..eb8f08c1876a64f48473ebad243fd46e4f10bd61 100644 --- a/cgit.h +++ b/cgit.h @@ -67,6 +67,8 @@ extern void cgit_global_config_cb(const char *name, const char *value); extern void cgit_repo_config_cb(const char *name, const char *value); extern void cgit_querystring_cb(const char *name, const char *value); +extern int hextoint(char c); + extern void *cgit_free_commitinfo(struct commitinfo *info); extern char *fmt(const char *format,...); diff --git a/parsing.c b/parsing.c index 1b22fcf5d059dfd5715e4b5acce911b773115bd2..4173dd4adf7eece4d90f39b4e0b86627ea689e87 100644 --- a/parsing.c +++ b/parsing.c @@ -79,6 +79,25 @@ fclose(f); return ret; } +char *convert_query_hexchar(char *txt) +{ + int d1, d2; + if (strlen(txt) < 3) { + *txt = '\0'; + return txt-1; + } + d1 = hextoint(*(txt+1)); + d2 = hextoint(*(txt+2)); + if (d1<0 || d2<0) { + strcpy(txt, txt+3); + return txt-1; + } else { + *txt = d1 * 16 + d2; + strcpy(txt+1, txt+3); + return txt; + } +} + int cgit_parse_query(char *txt, configfn fn) { char *t, *value = NULL, c; @@ -94,6 +113,8 @@ *t = '\0'; value = t+1; } else if (c=='+') { *t = ' '; + } else if (c=='%') { + t = convert_query_hexchar(t); } else if (c=='&') { *t = '\0'; (*fn)(txt, value); diff --git a/shared.c b/shared.c index 7def51a997beb49f5b302477beba9aee80aebfb2..e4595fabe0cd2f1650fa1566adfb67c1568b60e3 100644 --- a/shared.c +++ b/shared.c @@ -113,3 +113,16 @@ free(info->subject); free(info); return NULL; } + +int hextoint(char c) +{ + if (c >= 'a' && c <= 'f') + return 10 + c - 'a'; + else if (c >= 'A' && c <= 'F') + return 10 + c - 'A'; + else if (c >= '0' && c <= '9') + return c - '0'; + else + return -1; +} +