From 6c8ff3e71101c8d437eaaffb17e06b448f87c564 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Mon, 22 Jun 2015 11:46:07 +0000
Subject: After the last change, we also have to url_encode $SERVER_NAME and $REMOTE_USER before using them in the Location. From Sebastien Marie (semarie)
---
 usr.sbin/httpd/server_http.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
(limited to 'usr.sbin')
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 472fe728100..37555f84a36 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.81 2015/06/21 13:08:36 reyk Exp $ */
+/* $OpenBSD: server_http.c,v 1.82 2015/06/22 11:46:06 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter
@@ -925,12 +925,15 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 }
 if (strstr(val, "$REMOTE_USER") != NULL) {
 if ((srv_conf->flags & SRVFLAG_AUTH) &&
- clt->clt_remote_user != NULL)
- str = clt->clt_remote_user;
- else
- str = "";
- if (expand_string(buf, len,
- "$REMOTE_USER", str) != 0)
+ clt->clt_remote_user != NULL) {
+ if ((str = url_encode(clt->clt_remote_user))
+ == NULL)
+ return (NULL);
+ } else
+ str = strdup("");
+ ret = expand_string(buf, len, "$REMOTE_USER", str);
+ free(str);
+ if (ret != 0)
 return (NULL);
 }
 }
@@ -973,8 +976,12 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 return (NULL);
 }
 if (strstr(val, "$SERVER_NAME") != NULL) {
- if (expand_string(buf, len,
- "$SERVER_NAME", srv_conf->name) != 0)
+ if ((str = url_encode(srv_conf->name))
+ == NULL)
+ return (NULL);
+ ret = expand_string(buf, len, "$SERVER_NAME", str);
+ free(str);
+ if (ret != 0)
 return (NULL);
 }
 }
--
cgit v1.2.3
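Review bot: In the $REMOTE_USER hunk the `else` arm's `str = strdup("");` is never checked, so an allocation failure hands a NULL `str` to `expand_string()`, while the `url_encode()` arm just above returns NULL on the same failure. Making the arm `if ((str = strdup("")) == NULL) return (NULL);` (braced to match the `if` arm) keeps both paths consistent. How `expand_string()` treats a NULL replacement is not visible here, so the impact is inferred. The body of server_expand_http starts and ends outside the hunk.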
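Review bot: Neither new `url_encode()` call carries a comment saying why the value is encoded, here for `$SERVER_NAME` or in the `$REMOTE_USER` hunk; only the commit message ties it to the expansion being used in the Location header. A one-line comment above each call, such as `/* URL-encode: the expanded value is used in the Location header */`, would stop a later cleanup from passing the raw string to `expand_string()` again. That matters most for `clt->clt_remote_user`, which presumably comes from the client's authentication data. The body of server_expand_http continues outside the hunk, so other variables expanded there are not covered by this note.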