diff options
author | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-06-22 11:46:07 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-06-22 11:46:07 +0000 |
commit | 6c8ff3e71101c8d437eaaffb17e06b448f87c564 (patch) | |
tree | ea913bf180a491f6c436b9e0e8be605c39b9c593 | |
parent | 4f7aa4c18a69a7a907e70fa9e079a1e397583071 (diff) |
After the last change, we also have to url_encode $SERVER_NAME and
$REMOTE_USER before using them in the Location.
From Sebastien Marie (semarie)
-rw-r--r-- | usr.sbin/httpd/server_http.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 472fe728100..37555f84a36 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.81 2015/06/21 13:08:36 reyk Exp $ */ +/* $OpenBSD: server_http.c,v 1.82 2015/06/22 11:46:06 reyk Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -925,12 +925,15 @@ server_expand_http(struct client *clt, const char *val, char *buf, } if (strstr(val, "$REMOTE_USER") != NULL) { if ((srv_conf->flags & SRVFLAG_AUTH) && - clt->clt_remote_user != NULL) - str = clt->clt_remote_user; - else - str = ""; - if (expand_string(buf, len, - "$REMOTE_USER", str) != 0) + clt->clt_remote_user != NULL) { + if ((str = url_encode(clt->clt_remote_user)) + == NULL) + return (NULL); + } else + str = strdup(""); + ret = expand_string(buf, len, "$REMOTE_USER", str); + free(str); + if (ret != 0) return (NULL); } } @@ -973,8 +976,12 @@ server_expand_http(struct client *clt, const char *val, char *buf, return (NULL); } if (strstr(val, "$SERVER_NAME") != NULL) { - if (expand_string(buf, len, - "$SERVER_NAME", srv_conf->name) != 0) + if ((str = url_encode(srv_conf->name)) + == NULL) + return (NULL); + ret = expand_string(buf, len, "$SERVER_NAME", str); + free(str); + if (ret != 0) return (NULL); } } |