Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / bf9c2fcd938ab4996d4eb98823c6128014e4f1fe^! / .
commitbf9c2fcd938ab4996d4eb98823c6128014e4f1fe[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Tue May 31 18:06:18 2011 +0200
committerWilly Tarreau <w@1wt.eu>Tue May 31 22:44:28 2011 +0200
tree0d49cd76fe017576e43e969092e7e84d4c347f56
parent44702af019576cc68979056982ac06cf36ff88ed [diff]
[BUG] stats: support url-encoded forms

Bashkim Kasa reported that the stats admin page did not work when colons
were used in server or backend names. This was caused by url-encoding
resulting in ':' being sent as '%3A'. Now we systematically decode the
field names and values to fix this issue.

diff --git a/include/common/standard.h b/include/common/standard.h
index 0082087..769aec6 100644
--- a/include/common/standard.h
+++ b/include/common/standard.h

@@ -227,6 +227,13 @@
 		    const char escape, const fd_set *map,
 		    const char *string);
 
+/* Decode an URL-encoded string in-place. The resulting string might
+ * be shorter. If some forbidden characters are found, the conversion is
+ * aborted, the string is truncated before the issue and non-zero is returned,
+ * otherwise the operation returns non-zero indicating success.
+ */
+int url_decode(char *string);
+
 /* This one is 6 times faster than strtoul() on athlon, but does
  * no check at all.
  */

diff --git a/src/proto_http.c b/src/proto_http.c
index 1fc7c94..69232f9 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c

@@ -2932,6 +2932,9 @@
 				*value++ = '\0';
 			}
 
+			if (!url_decode(key) || !url_decode(value))
+				break;
+
 			/* Now we can check the key to see what to do */
 			if (!backend && strcmp(key, "b") == 0) {
 				backend = value;

diff --git a/src/standard.c b/src/standard.c
index d3b9ef7..5c27bdb 100644
--- a/src/standard.c
+++ b/src/standard.c

@@ -601,6 +601,40 @@
 	return start;
 }
 
+/* Decode an URL-encoded string in-place. The resulting string might
+ * be shorter. If some forbidden characters are found, the conversion is
+ * aborted, the string is truncated before the issue and non-zero is returned,
+ * otherwise the operation returns non-zero indicating success.
+ */
+int url_decode(char *string)
+{
+	char *in, *out;
+	int ret = 0;
+
+	in = string;
+	out = string;
+	while (*in) {
+		switch (*in) {
+		case '+' :
+			*out++ = ' ';
+			break;
+		case '%' :
+			if (!ishex(in[1]) || !ishex(in[2]))
+				goto end;
+			*out++ = (hex2i(in[1]) << 4) + hex2i(in[2]);
+			in += 2;
+			break;
+		default:
+			*out++ = *in;
+			break;
+		}
+		in++;
+	}
+	ret = 1; /* success */
+ end:
+	*out = 0;
+	return ret;
+}
 
 unsigned int str2ui(const char *s)
 {