mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-09-19 18:00:23 +03:00
URL decode data after splitting the arguments
Data decoding should happen after the parsing if not, a '?', '&', '#' or other character decoded will interfere with the parsing. e.g. the users password contains a '&', then it is truncated on that character, and login will fail.
This commit is contained in:
Nicolai Dagestad
parent
31ce1af736
commit
ba5cbb6d82
12
mastoapi.c
12
mastoapi.c
@ -262,8 +262,7 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
|
||||
}
|
||||
else
|
||||
if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded") && payload) {
|
||||
xs *upl = xs_url_dec(payload);
|
||||
args = xs_url_vars(upl);
|
||||
args = xs_url_vars(payload);
|
||||
}
|
||||
else
|
||||
args = xs_dup(xs_dict_get(req, "p_vars"));
|
||||
@ -2361,8 +2360,7 @@ int mastoapi_post_handler(const xs_dict *req, const char *q_path,
|
||||
{
|
||||
// Some apps send form data instead of json so we should cater for those
|
||||
if (!xs_is_null(payload)) {
|
||||
xs *upl = xs_url_dec(payload);
|
||||
args = xs_url_vars(upl);
|
||||
args = xs_url_vars(payload);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -2959,8 +2957,7 @@ int mastoapi_delete_handler(const xs_dict *req, const char *q_path,
|
||||
{
|
||||
// Some apps send form data instead of json so we should cater for those
|
||||
if (!xs_is_null(payload)) {
|
||||
xs *upl = xs_url_dec(payload);
|
||||
args = xs_url_vars(upl);
|
||||
args = xs_url_vars(payload);
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -3194,8 +3191,7 @@ int mastoapi_patch_handler(const xs_dict *req, const char *q_path,
|
||||
{
|
||||
// Some apps send form data instead of json so we should cater for those
|
||||
if (!xs_is_null(payload)) {
|
||||
xs *upl = xs_url_dec(payload);
|
||||
args = xs_url_vars(upl);
|
||||
args = xs_url_vars(payload);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
@ -179,8 +179,7 @@ xs_dict *xs_fcgi_request(FILE *f, xs_str **payload, int *p_size, int *fcgi_id)
|
||||
req = xs_dict_append(req, "method", v);
|
||||
else
|
||||
if (strcmp(k, "REQUEST_URI") == 0) {
|
||||
xs *udp = xs_url_dec(v);
|
||||
xs *pnv = xs_split_n(udp, "?", 1);
|
||||
xs *pnv = xs_split_n(v, "?", 1);
|
||||
|
||||
/* store the path */
|
||||
req = xs_dict_append(req, "path", xs_list_get(pnv, 0));
|
||||
@ -233,8 +232,7 @@ xs_dict *xs_fcgi_request(FILE *f, xs_str **payload, int *p_size, int *fcgi_id)
|
||||
const char *ct = xs_dict_get(req, "content-type");
|
||||
|
||||
if (*payload && ct && strcmp(ct, "application/x-www-form-urlencoded") == 0) {
|
||||
xs *upl = xs_url_dec(*payload);
|
||||
p_vars = xs_url_vars(upl);
|
||||
p_vars = xs_url_vars(*payload);
|
||||
}
|
||||
else
|
||||
if (*payload && ct && xs_startswith(ct, "multipart/form-data")) {
|
||||
|
||||
@ -36,7 +36,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
|
||||
|
||||
{
|
||||
/* split the path with its optional variables */
|
||||
xs *udp = xs_url_dec(xs_list_get(l2, 1));
|
||||
const xs_val *udp = xs_list_get(l2, 1);
|
||||
xs *pnv = xs_split_n(udp, "?", 1);
|
||||
|
||||
/* store the path */
|
||||
@ -75,8 +75,7 @@ xs_dict *xs_httpd_request(FILE *f, xs_str **payload, int *p_size)
|
||||
v = xs_dict_get(req, "content-type");
|
||||
|
||||
if (*payload && v && strcmp(v, "application/x-www-form-urlencoded") == 0) {
|
||||
xs *upl = xs_url_dec(*payload);
|
||||
p_vars = xs_url_vars(upl);
|
||||
p_vars = xs_url_vars(*payload);
|
||||
}
|
||||
else
|
||||
if (*payload && v && xs_startswith(v, "multipart/form-data")) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user