summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKenneth R Westerback <krw@cvs.openbsd.org>2004-03-09 03:58:35 +0000
committerKenneth R Westerback <krw@cvs.openbsd.org>2004-03-09 03:58:35 +0000
commit4c7b770b1b9249c9fbea2e76526497a5492282d8 (patch)
tree525bb377d9376d15b6a09af0c739ad35dd224e13
parent1dd355fd19e860635a9959373530ff7c684bcf6a (diff)
URL-encode all usercode/password characters between 0x20 and 0x7e so that
more weird usercodes and passwords work. Embedded blanks especially. ok beck@.
-rw-r--r--distrib/miniroot/install.sub51
1 files changed, 43 insertions, 8 deletions
diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub
index 5e2d8aa01d6..e02467fbf5d 100644
--- a/distrib/miniroot/install.sub
+++ b/distrib/miniroot/install.sub
@@ -1,4 +1,4 @@
-# $OpenBSD: install.sub,v 1.332 2004/02/28 20:24:14 krw Exp $
+# $OpenBSD: install.sub,v 1.333 2004/03/09 03:58:34 krw Exp $
# $NetBSD: install.sub,v 1.5.2.8 1996/09/02 23:25:02 pk Exp $
#
# Copyright (c) 1997-2003 Todd Miller, Theo de Raadt, Ken Westerback
@@ -823,16 +823,51 @@ __EOT
}
# Encode $1 as specified for usercodes and passwords in RFC 1738
-# section 3.1, and now supported by our in-tree ftp:
+# section 3.1 and section 5.
#
-# ':' -> '%3a'
-# '@' -> '%40'
-# '/' -> '%2f'
+# Escape everything between 0x20 and 0x7e to avoid both illegal url
+# characters and characters causing problems during script processing.
#
-# *NOTE* quotes around $1 are required to preserve trailing or
-# embeddded blanks in usercodes and passwords!
+# *NOTE*
+# 1) quotes around $1 are required to preserve trailing or
+# embeddded blanks in usercodes and passwords.
+# 2) substitute '%' FIRST so it doesn't eliminate '%' chars we insert.
encode_for_url() {
- echo "$1" | sed -e 's/:/%3a/g' -e 's/@/%40/g' -e 's/\//%2f/g'
+ echo "$1" | sed -e "
+s/%/%25/g
+s/ /%20/g
+s/!/%21/g
+s/\"/%22/g
+s/#/%23/g
+s/\\\$/%24/g
+s/&/%26/g
+s/'/%27/g
+s/(/%28/g
+s/)/%29/g
+s/\*/%2a/g
+s/+/%2b/g
+s/,/%2c/g
+s/-/%2d/g
+s/\./%2e/g
+s/\//%2f/g
+s/:/%3a/g
+s/;/%3b/g
+s/</%3c/g
+s/=/%3d/g
+s/>/%3e/g
+s/?/%3f/g
+s/@/%40/g
+s/\[/%5b/g
+s/\\\\/%5c/g
+s/]/%5d/g
+s/\^/%5e/g
+s/_/%5f/g
+s/\`/%60/g
+s/{/%7b/g
+s/|/%7c/g
+s/}/%7d/g
+s/~/%7e/g
+"
}
# Check for the presence of an error message in the output of the ftp commands