mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-22 05:15:04 +00:00
URL decode data after splitting the arguments
Data decoding should happen after parsing; if not, a decoded '?', '&', '#' or other character will interfere with the parsing. E.g. if the user's password contains a '&', it is truncated at that character and login will fail.
parent
31ce1af736
commit
ba5cbb6d82
4 changed files with 9 additions and 16 deletions
12
mastoapi.c
12
mastoapi.c
|
@ -262,8 +262,7 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded") && payload) {
|
if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded") && payload) {
|
||||||
xs *upl = xs_url_dec(payload);
|
args = xs_url_vars(payload);
|
||||||
args = xs_url_vars(upl);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
args = xs_dup(xs_dict_get(req, "p_vars"));
|
args = xs_dup(xs_dict_get(req, "p_vars"));
|
||||||
|
@ -2361,8 +2360,7 @@ int mastoapi_post_handler(const xs_dict *req, const char *q_path,
|
||||||
{
|
{
|
||||||
// Some apps send form data instead of json so we should cater for those
|
// Some apps send form data instead of json so we should cater for those
|
||||||
if (!xs_is_null(payload)) {
|
if (!xs_is_null(payload)) {
|
||||||
xs *upl = xs_url_dec(payload);
|
args = xs_url_vars(payload);
|
||||||
args = xs_url_vars(upl);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -2959,8 +2957,7 @@ int mastoapi_delete_handler(const xs_dict *req, const char *q_path,
|
||||||
{
|
{
|
||||||
// Some apps send form data instead of json so we should cater for those
|
// Some apps send form data instead of json so we should cater for those
|
||||||
if (!xs_is_null(payload)) {
|
if (!xs_is_null(payload)) {
|
||||||
xs *upl = xs_url_dec(payload);
|
args = xs_url_vars(payload);
|
||||||
args = xs_url_vars(upl);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -3194,8 +3191,7 @@ int mastoapi_patch_handler(const xs_dict *req, const char *q_path,
|
||||||
{
|
{
|
||||||
// Some apps send form data instead of json so we should cater for those
|
// Some apps send form data instead of json so we should cater for those
|
||||||
if (!xs_is_null(payload)) {
|
if (!xs_is_null(payload)) {
|
||||||
xs *upl = xs_url_dec(payload);
|
args = xs_url_vars(payload);
|
||||||
args = xs_url_vars(upl);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
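Review bot: The four call sites now hand the raw `payload` to `xs_url_vars()` with nothing at the call saying that decoding happens inside it, which makes it easy for a later change to re-add `xs_url_dec()` and decode the data twice. I would add a one-line comment at the site in oauth_post_handler, e.g. `/* payload stays percent-encoded here: xs_url_vars() decodes each pair after splitting */`, and the same in mastoapi_post_handler, mastoapi_delete_handler and mastoapi_patch_handler. Since the commit message says this path carries the login password, a regression case with an encoded `&` and an encoded `%` in a value would pin the behaviour. All four handlers start and end outside the hunks.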
|
|
@ -179,8 +179,7 @@ xs_dict *xs_fcgi_request(FILE *f, xs_str **payload, int *p_size, int *fcgi_id)
|
||||||
req = xs_dict_append(req, "method", v);
|
req = xs_dict_append(req, "method", v);
|
||||||
else
|
else
|
||||||
if (strcmp(k, "REQUEST_URI") == 0) {
|
if (strcmp(k, "REQUEST_URI") == 0) {
|
||||||
xs *udp = xs_url_dec(v);
|
xs *pnv = xs_split_n(v, "?", 1);
|
||||||
xs *pnv = xs_split_n(udp, "?", 1);
|
|
||||||
|
|
||||||
/* store the path */
|
/* store the path */
|
||||||
req = xs_dict_append(req, "path", xs_list_get(pnv, 0));
|
req = xs_dict_append(req, "path", xs_list_get(pnv, 0));
|
||||||
|
@ -233,8 +232,7 @@ xs_dict *xs_fcgi_request(FILE *f, xs_str **payload, int *p_size, int *fcgi_id)
|
||||||
const char *ct = xs_dict_get(req, "content-type");
|
const char *ct = xs_dict_get(req, "content-type");
|
||||||
|
|
||||||
if (*payload && ct && strcmp(ct, "application/x-www-form-urlencoded") == 0) {
|
if (*payload && ct && strcmp(ct, "application/x-www-form-urlencoded") == 0) {
|
||||||
xs *upl = xs_url_dec(*payload);
|
p_vars = xs_url_vars(*payload);
|
||||||
p_vars = xs_url_vars(upl);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if (*payload && ct && xs_startswith(ct, "multipart/form-data")) {
|
if (*payload && ct && xs_startswith(ct, "multipart/form-data")) {
|
||||||
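Review bot: After this change the `path` stored by `req = xs_dict_append(req, "path", xs_list_get(pnv, 0));` in xs_fcgi_request appears to be no longer percent-decoded, because the `xs_url_dec(v)` call was dropped rather than moved to after the `?` split. The same applies to the xs_httpd_request hunk, where `udp` is now the raw `xs_list_get(l2, 1)`. Unless the path is decoded further down (both functions continue outside the hunks), route matching will see escapes such as `%40` literally. If decoding is still wanted, apply it to the path component only, e.g. `xs *dpath = xs_url_dec(xs_list_get(pnv, 0));` followed by `req = xs_dict_append(req, "path", dpath);`. Either way, a comment at that line stating whether `path` is raw or decoded would keep handlers from decoding it a second time.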
|
|
|
@ -36,7 +36,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
|
||||||
|
|
||||||
{
|
{
|
||||||
/* split the path with its optional variables */
|
/* split the path with its optional variables */
|
||||||
xs *udp = xs_url_dec(xs_list_get(l2, 1));
|
const xs_val *udp = xs_list_get(l2, 1);
|
||||||
xs *pnv = xs_split_n(udp, "?", 1);
|
xs *pnv = xs_split_n(udp, "?", 1);
|
||||||
|
|
||||||
/* store the path */
|
/* store the path */
|
||||||
|
@ -75,8 +75,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
|
||||||
v = xs_dict_get(req, "content-type");
|
v = xs_dict_get(req, "content-type");
|
||||||
|
|
||||||
if (*payload && v && strcmp(v, "application/x-www-form-urlencoded") == 0) {
|
if (*payload && v && strcmp(v, "application/x-www-form-urlencoded") == 0) {
|
||||||
xs *upl = xs_url_dec(*payload);
|
p_vars = xs_url_vars(*payload);
|
||||||
p_vars = xs_url_vars(upl);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if (*payload && v && xs_startswith(v, "multipart/form-data")) {
|
if (*payload && v && xs_startswith(v, "multipart/form-data")) {
|
||||||
|
|
2
xs_url.h
2
xs_url.h
|
@ -53,7 +53,7 @@ xs_dict *xs_url_vars(const char *str)
|
||||||
const xs_val *v;
|
const xs_val *v;
|
||||||
|
|
||||||
xs_list_foreach(args, v) {
|
xs_list_foreach(args, v) {
|
||||||
xs *kv = xs_split_n(v, "=", 1);
|
xs *kv = xs_split_n(xs_url_dec(v), "=", 1);
|
||||||
|
|
||||||
if (xs_list_len(kv) == 2) {
|
if (xs_list_len(kv) == 2) {
|
||||||
const char *key = xs_list_get(kv, 0);
|
const char *key = xs_list_get(kv, 0);
|
||||||
|
|
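Review bot: `xs_split_n(xs_url_dec(v), "=", 1)` passes the decoded string as a temporary, so nothing releases it. The other call sites on this page hold the result of `xs_url_dec()` in an `xs *` variable, which suggests it returns an owned allocation and that this line leaks once per parameter. It also decodes before the `=` split, so an encoded `%3D` inside a key is split there, which is the same class of problem the commit fixes for `&`. At minimum use `xs *dv = xs_url_dec(v);` then `xs *kv = xs_split_n(dv, "=", 1);`; better, split `v` on `=` first and decode the key and the value separately. The loop body continues outside the hunk.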