From ada83f819308cab0c92bcba37a152a655782157b Mon Sep 17 00:00:00 2001
From: Reyk Floeter <reyk@esdenera.com>
Date: Mon, 22 Jun 2015 13:50:36 +0200
Subject: sync with -current: After the last change, we also have to url_encode
 $SERVER_NAME and $REMOTE_USER before using them in the Location.

From Sebastien Marie (semarie)
---
 httpd/server_http.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/httpd/server_http.c b/httpd/server_http.c
index 472fe72..37555f8 100644
--- a/httpd/server_http.c
+++ b/httpd/server_http.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: server_http.c,v 1.81 2015/06/21 13:08:36 reyk Exp $	*/
+/*	$OpenBSD: server_http.c,v 1.82 2015/06/22 11:46:06 reyk Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -925,12 +925,15 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 		}
 		if (strstr(val, "$REMOTE_USER") != NULL) {
 			if ((srv_conf->flags & SRVFLAG_AUTH) &&
-			    clt->clt_remote_user != NULL)
-				str = clt->clt_remote_user;
-			else
-				str = "";
-			if (expand_string(buf, len,
-			    "$REMOTE_USER", str) != 0)
+			    clt->clt_remote_user != NULL) {
+				if ((str = url_encode(clt->clt_remote_user))
+				    == NULL)
+					return (NULL);
+			} else
+				str = strdup("");
+			ret = expand_string(buf, len, "$REMOTE_USER", str);
+			free(str);
+			if (ret != 0)
 				return (NULL);
 		}
 	}
@@ -973,8 +976,12 @@ server_expand_http(struct client *clt, const char *val, char *buf,
 				return (NULL);
 		}
 		if (strstr(val, "$SERVER_NAME") != NULL) {
-			if (expand_string(buf, len,
-			    "$SERVER_NAME", srv_conf->name) != 0)
+			if ((str = url_encode(srv_conf->name)) 
+			     == NULL)
+				return (NULL);
+			ret = expand_string(buf, len, "$SERVER_NAME", str);
+			free(str);
+			if (ret != 0)
 				return (NULL);
 		}
 	}
-- 
cgit v1.2.3-54-g00ecf