From 2c93f9b5dc502e6bc4b7050a5676dc5d8e16f8f2 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Sun, 21 Jun 2015 14:52:54 +0200
Subject: Also encode the query. Discussed with Sebastien Marie
---
 httpd/server_http.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/httpd/server_http.c b/httpd/server_http.c
index 32b9e7d..c37e8d5 100644
--- a/httpd/server_http.c
+++ b/httpd/server_http.c
@@ -881,7 +881,7 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 {
 struct http_descriptor *desc = clt->clt_descreq;
 struct server_config *srv_conf = clt->clt_srv_conf;
- char ibuf[128], *str, *path;
+ char ibuf[128], *str, *path, *query;
 int ret;

 if (strlcpy(buf, val, len) >= len)
@@ -896,9 +896,15 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 return (NULL);
 }
 if (strstr(val, "$QUERY_STRING") != NULL) {
- if (expand_string(buf, len, "$QUERY_STRING",
- desc->http_query == NULL ? "" :
- desc->http_query) != 0)
+ if (desc->http_query == NULL) {
+ ret = expand_string(buf, len, "$QUERY_STRING", "");
+ } else {
+ if ((query = url_encode(desc->http_query)) == NULL)
+ return (NULL);
+ ret = expand_string(buf, len, "$QUERY_STRING", query);
+ free(query);
+ }
+ if (ret != 0)
 return (NULL);
 }
 if (strstr(val, "$REMOTE_") != NULL) {
@@ -934,9 +940,13 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 if (desc->http_query == NULL) {
 str = path;
 } else {
- ret = asprintf(&str, "%s?%s",
- path, desc->http_query);
+ if ((query = url_encode(desc->http_query)) == NULL) {
+ free(path);
+ return (NULL);
+ }
+ ret = asprintf(&str, "%s?%s", path, query);
 free(path);
+ free(query);
 if (ret == -1)
 return (NULL);
 }
-- 
cgit v1.2.3-54-g00ecf
From 744267eb1f34a8852973f441256744ad535d2241 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Sun, 21 Jun 2015 15:08:43 +0200
Subject: sync with -current
---
 httpd/server_http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
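Review bot: Both new `url_encode(desc->http_query)` calls in the first patch, the one in the `$QUERY_STRING` branch and the one before `asprintf(&str, "%s?%s", path, query)` in the last hunk, encode a query that a client normally sends already percent-encoded. `url_encode()` is defined outside this diff; if it escapes `%` or `&`, a query such as `a=1&b=%20c` (constructed example) would expand double-encoded and with its parameter separators rewritten, so the expanded value no longer matches the request. Escaping client-supplied data before it is substituted into a response string is the right goal, but it is worth confirming that the encoder only touches bytes that are unsafe in the destination (control characters, space, quotes, angle brackets). At minimum record the expectation next to the call, for example `/* query arrives percent-encoded from the client; url_encode() must not escape '%' a second time */`. `server_expand_http()` starts and ends outside these hunks, so how the expanded buffer is used is not visible here.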
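Review bot: Nothing in the last hunk of the first patch says why the query is encoded or who owns `query`, and the `$QUERY_STRING` branch has the same gap. The `free(query)` calls imply that `url_encode()` returns heap memory, so a comment above the call such as `/* http_query is client-supplied: encode before joining it to the path; url_encode() allocates, free on every path */` would make both the intent and the cleanup obligation explicit. The encoded string can be longer than the raw query, so if `str` is later copied into the `len`-bounded `buf` (that code is outside the hunk), long queries would reach a `return (NULL)` path sooner than before. It is worth confirming that callers turn a NULL result into an error response rather than ignoring it.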
diff --git a/httpd/server_http.c b/httpd/server_http.c
index c37e8d5..472fe72 100644
--- a/httpd/server_http.c
+++ b/httpd/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.80 2015/05/20 09:28:47 kettenis Exp $ */
+/* $OpenBSD: server_http.c,v 1.81 2015/06/21 13:08:36 reyk Exp $ */

 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter
-- 
cgit v1.2.3-54-g00ecf