diff options
| author | Reyk Floeter <reyk@esdenera.com> | 2015-06-22 13:50:36 +0200 |
|---|---|---|
| committer | Reyk Floeter <reyk@esdenera.com> | 2015-06-22 13:50:36 +0200 |
| commit | ada83f819308cab0c92bcba37a152a655782157b (patch) | |
| tree | 0af254735a879258b3de5a0cf7ccef2dfabcc213 | |
| parent | 744267eb1f34a8852973f441256744ad535d2241 (diff) | |
| download | httpd-ada83f819308cab0c92bcba37a152a655782157b.tar.gz httpd-ada83f819308cab0c92bcba37a152a655782157b.zip | |
sync with -current:
After the last change, we also have to url_encode $SERVER_NAME and
$REMOTE_USER before using them in the Location.
From Sebastien Marie (semarie)
| -rw-r--r-- | httpd/server_http.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/httpd/server_http.c b/httpd/server_http.c index 472fe72..37555f8 100644 --- a/httpd/server_http.c +++ b/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.81 2015/06/21 13:08:36 reyk Exp $ */ +/* $OpenBSD: server_http.c,v 1.82 2015/06/22 11:46:06 reyk Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -925,12 +925,15 @@ server_expand_http(struct client *clt, const char *val, char *buf, } if (strstr(val, "$REMOTE_USER") != NULL) { if ((srv_conf->flags & SRVFLAG_AUTH) && - clt->clt_remote_user != NULL) - str = clt->clt_remote_user; - else - str = ""; - if (expand_string(buf, len, - "$REMOTE_USER", str) != 0) + clt->clt_remote_user != NULL) { + if ((str = url_encode(clt->clt_remote_user)) + == NULL) + return (NULL); + } else + str = strdup(""); + ret = expand_string(buf, len, "$REMOTE_USER", str); + free(str); + if (ret != 0) return (NULL); } } @@ -973,8 +976,12 @@ server_expand_http(struct client *clt, const char *val, char *buf, return (NULL); } if (strstr(val, "$SERVER_NAME") != NULL) { - if (expand_string(buf, len, - "$SERVER_NAME", srv_conf->name) != 0) + if ((str = url_encode(srv_conf->name)) + == NULL) + return (NULL); + ret = expand_string(buf, len, "$SERVER_NAME", str); + free(str); + if (ret != 0) return (NULL); } } |