From 9f4ce11a48af4ca986108006a6012fc1e69793b9 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 14 Apr 2021 21:45:21 -0700 Subject: [PATCH] tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 Signed-off-by: Victor Vieux --- docs/KNOWN_BUGS | 8 -------- src/tool_getparam.c | 32 +++++++++++++++++++++++++++++++- tests/data/test1015 | 4 ++-- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 475e9f82ee2736..243f678a68436a 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -48,7 +48,6 @@ problems may have been fixed or changed somewhat since this was written! 4.1 -J and -O with %-encoded file names 4.2 -J with -C - fails 4.3 --retry and transfer timeouts - 4.4 Improve --data-urlencode space encoding 5. Build and portability issues 5.1 OS400 port requires deprecated IBM library @@ -411,13 +410,6 @@ problems may have been fixed or changed somewhat since this was written! https://curl.se/mail/lib-2008-01/0080.html and Mandriva bug report https://qa.mandriva.com/show_bug.cgi?id=22565 -4.4 Improve --data-urlencode space encoding - - ASCII space characters in --data-urlencode are currently encoded as %20 - rather than +, which RFC 1866 says should be used. - - See https://github.com/curl/curl/issues/3229 - 5. Build and portability issues 5.1 OS400 port requires deprecated IBM library diff --git a/src/tool_getparam.c b/src/tool_getparam.c index f1393c37389c36..9356a4cb4deae0 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -442,6 +442,34 @@ void parse_cert_parameter(const char *cert_parameter, *certname_place = '\0'; } +/* Replace (in-place) '%20' by '+' according to RFC1866 */ +static size_t replace_url_encoded_space_by_plus(char *url) +{ + size_t orig_len = strlen(url); + size_t orig_index = 0; + size_t new_index = 0; + + while(orig_index < orig_len) { + if((url[orig_len] == '%') && + (url[orig_len + 1] == '2') && + (url[orig_len + 2] == '0')) { + url[new_index] = '+'; + orig_index += 3; + } + else{ + if(new_index != orig_index) { + url[new_index] = url[orig_index]; + } + orig_index++; + } + new_index++; + } + + url[new_index] = 0; /* terminate string */ + + return new_index + 1; /* new size */ +} + static void GetFileAndPassword(char *nextarg, char **file, char **password) { @@ -1422,9 +1450,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ char *enc = curl_easy_escape(NULL, postdata, (int)size); Curl_safefree(postdata); /* no matter if it worked or not */ if(enc) { + /* replace (in-place) '%20' by '+' acording to RFC1866 */ + size_t enclen = replace_url_encoded_space_by_plus(enc); /* now make a string with the name from above and append the encoded string */ - size_t outlen = nlen + strlen(enc) + 2; + size_t outlen = nlen + enclen + 2; char *n = malloc(outlen); if(!n) { curl_free(enc); diff --git a/tests/data/test1015 b/tests/data/test1015 index fc6ffc34445332..28412c2f793456 100644 --- a/tests/data/test1015 +++ b/tests/data/test1015 @@ -43,10 +43,10 @@ POST /%TESTNUMBER HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* -Content-Length: 133 +Content-Length: 119 Content-Type: application/x-www-form-urlencoded -my%20name%20is%20moo%5B%5D&y e s=s_i_r&v_alue=content%20to%20_%3F%21%23%24%27%7C%3C%3E%0A&content%20to%20_%3F%21%23%24%27%7C%3C%3E%0A +my+name+is+moo%5B%5D&y e s=s_i_r&v_alue=content+to+_%3F%21%23%24%27%7C%3C%3E%0A&content+to+_%3F%21%23%24%27%7C%3C%3E%0A