author | Emmanuel Vasilakis <mrzammler@mm.st> | 2023-07-18 14:33:18 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-18 14:33:18 +0300 |
commit | a8055794b948f996d0f327ce4390c52ba18bcf0b (patch) | |
tree | 0b20be8a2ec2aa8c821cbd1aed5fd2c118f21e60 /web | |
parent | f427d80b9e1dc28e8874322cea0b06d4c7123752 (diff) |
Decode url before checking for question mark (#15422)
* decode url before checking for question mark
* use only buffer
* dont populate url_query_string_decoded when no question mark
Diffstat (limited to 'web')
-rw-r--r-- | web/server/web_client.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/web/server/web_client.c b/web/server/web_client.c index c79649e122..1a1d631559 100644 --- a/web/server/web_client.c +++ b/web/server/web_client.c @@ -2259,7 +2259,6 @@ ssize_t web_client_receive(struct web_client *w) return(bytes); } - void web_client_decode_path_and_query_string(struct web_client *w, const char *path_and_query_string) { char buffer[NETDATA_WEB_REQUEST_URL_SIZE + 2]; buffer[0] = '\0'; @@ -2281,29 +2280,24 @@ void web_client_decode_path_and_query_string(struct web_client *w, const char *p } else { // in non-stream mode, there is a path - // FIXME - the way this is implemented, query string params never accept the symbol &, not even encoded as %26 // To support the symbol & in query string params, we need to turn the url_query_string_decoded into a // dictionary and decode each of the parameters individually. // OR: in url_query_string_decoded use as separator a control character that cannot appear in the URL. - char *question_mark_start = strchr(path_and_query_string, '?'); - if (question_mark_start) - url_decode_r(buffer, question_mark_start, NETDATA_WEB_REQUEST_URL_SIZE + 1); - - buffer[NETDATA_WEB_REQUEST_URL_SIZE + 1] = '\0'; - buffer_strcat(w->url_query_string_decoded, buffer); + url_decode_r(buffer, path_and_query_string, NETDATA_WEB_REQUEST_URL_SIZE + 1); + char *question_mark_start = strchr(buffer, '?'); if (question_mark_start) { + buffer_strcat(w->url_query_string_decoded, question_mark_start); char c = *question_mark_start; *question_mark_start = '\0'; - url_decode_r(buffer, path_and_query_string, NETDATA_WEB_REQUEST_URL_SIZE + 1); + buffer_strcat(w->url_path_decoded, buffer); *question_mark_start = c; - } else - url_decode_r(buffer, path_and_query_string, NETDATA_WEB_REQUEST_URL_SIZE + 1); - - buffer[NETDATA_WEB_REQUEST_URL_SIZE + 1] = '\0'; - buffer_strcat(w->url_path_decoded, buffer); + } else { + buffer_strcat(w->url_query_string_decoded, ""); + buffer_strcat(w->url_path_decoded, buffer); + } } } |
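Review bot: Splitting on `?` after `url_decode_r()` has decoded the whole request means an encoded `%3F` inside a path segment now ends `url_path_decoded` and starts `url_query_string_decoded`, so this parser can disagree about the path/query boundary with any reverse proxy or access rule in front of it that splits on the literal `?` first. If accepting an encoded question mark is intended, say so next to the `strchr(buffer, '?')` line, e.g. `// NOTE: the split happens after decoding, so %3F in the path is treated as the query separator`, and make sure path-based checks use the decoded path. The hunk also drops the explicit `buffer[NETDATA_WEB_REQUEST_URL_SIZE + 1] = '\0';` and still ignores the return value of `url_decode_r()`, so the new code relies on that helper always terminating the buffer within the given size; its definition is not visible here, so this is worth confirming. `buffer_strcat(w->url_query_string_decoded, "");` in the else branch appears to be a no-op and could be removed. The function starts before this hunk.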