diff options
| author | semarie <semarie@cvs.openbsd.org> | 2015-06-23 17:25:02 +0000 |
|---|---|---|
| committer | semarie <semarie@cvs.openbsd.org> | 2015-06-23 17:25:02 +0000 |
| commit | 478b9e1500d78fed55e20a264870a4622e1ac89a (patch) | |
| tree | 6fcc479efec10ac4c7e738a434981b7405bd9264 /usr.sbin | |
| parent | b50192218361534e0c91f7103437b257ad6450a4 (diff) | |
escape the matched substrings before using it in expansion.
ok reyk@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/httpd/server_http.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 146b1420350..112bb0013ca 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.83 2015/06/23 15:23:14 reyk Exp $ */ +/* $OpenBSD: server_http.c,v 1.84 2015/06/23 17:25:01 semarie Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -911,8 +911,11 @@ server_expand_http(struct client *clt, const char *val, char *buf, return (NULL); /* Expand variable with matched value */ - if (expand_string(buf, len, ibuf, - clt->clt_srv_match.sm_match[n]) != 0) + if ((str = url_encode(clt->clt_srv_match.sm_match[n])) == NULL) + return (NULL); + ret = expand_string(buf, len, ibuf, str); + free(str); + if (ret != 0) return (NULL); } if (strstr(val, "$DOCUMENT_URI") != NULL) { |