Permalink
Browse files

Fix passing a URL key/value containing %26 (escaped &)

It seems that this code *only* deals with Parameters in the URL (maybe on POST
too), but not in SOAP requests from UPnP clients.  It should be a benign
change to not mess with %26 in the params string before splitting on &.  Any
self-respecting client will know that & separates the keys, and not to escape
them.  If this breaks any specific clients, we will have to put in a workaround
for the broken client perhaps.

Fixes #8132.
  • Loading branch information...
1 parent 919163d commit f76028ba35811818f75c3d39faa4479b024bc846 @Beirdo Beirdo committed Feb 15, 2011
Showing with 5 additions and 1 deletion.
  1. +5 −1 mythtv/libs/libmythupnp/httprequest.cpp
@@ -837,7 +837,11 @@ long HTTPRequest::GetParameters( QString sParams, QStringMap &mapParams )
{
long nCount = 0;
- sParams.replace( "%26", "&" );
+ VERBOSE(VB_UPNP|VB_EXTRA, QString("sParams: '%1'").arg(sParams));
+
+ // This looks odd, but it is here to cope with stupid UPnP clients that
+ // forget to de-escape the URLs. We can't map %26 here as well, as that
+ // breaks anything that is trying to pass & as part of a name or value.
sParams.replace( "&", "&" );
if (sParams.length() > 0)

0 comments on commit f76028b

Please sign in to comment.