Skip to content
Permalink
Browse files

redirect: when following redirects to an absolute URL, URL encode it

... to make it handle for example (RFC violating) embeded spaces.

Reported-by: momala454 on github
Fixes #4445
Closes #4447
  • Loading branch information...
bagder committed Oct 1, 2019
1 parent 2c20109 commit c6f250c4d6a8964a24d99aaf0e0cb81ab9cb293f
Showing with 78 additions and 1 deletion.
  1. +2 −1 lib/transfer.c
  2. +1 −0 tests/data/Makefile.inc
  3. +75 −0 tests/data/test662
@@ -1591,7 +1591,8 @@ CURLcode Curl_follow(struct Curl_easy *data,

DEBUGASSERT(data->state.uh);
uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl,
(type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : 0);
(type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME :
((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) );
if(uc) {
if(type != FOLLOW_FAKE)
return Curl_uc_to_curlcode(uc);
@@ -84,6 +84,7 @@ test626 test627 test628 test629 test630 test631 test632 test633 test634 \
test635 test636 test637 test638 test639 test640 test641 test642 \
test643 test644 test645 test646 test647 test648 test649 test650 test651 \
test652 test653 test654 test655 test656 test658 test659 test660 test661 \
test662 \
\
test700 test701 test702 test703 test704 test705 test706 test707 test708 \
test709 test710 test711 test712 test713 test714 test715 test716 test717 \
@@ -0,0 +1,75 @@
<testcase>
<info>
<keywords>
HTTP
HTTP GET
followlocation
</keywords>
</info>
#
# Server-side
<reply>
<data>
HTTP/1.1 302 OK
Location: http://example.net/tes t case=/6620002
Date: Thu, 09 Nov 2010 14:49:00 GMT
Content-Length: 0

</data>
<data2>
HTTP/1.1 200 OK
Location: this should be ignored
Date: Thu, 09 Nov 2010 14:49:00 GMT
Content-Length: 5

body
</data2>
<datacheck>
HTTP/1.1 302 OK
Location: http://example.net/tes t case=/6620002
Date: Thu, 09 Nov 2010 14:49:00 GMT
Content-Length: 0

HTTP/1.1 200 OK
Location: this should be ignored
Date: Thu, 09 Nov 2010 14:49:00 GMT
Content-Length: 5

body
</datacheck>
</reply>

#
# Client-side
<client>
<server>
http
</server>
<name>
HTTP redirect with whitespace in absolute Location: URL
</name>
<command>
http://example.com/please/gimme/662 -L -x http://%HOSTIP:%HTTPPORT
</command>
</client>

#
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET http://example.com/please/gimme/662 HTTP/1.1
Host: example.com
Accept: */*
Proxy-Connection: Keep-Alive

GET http://example.net/tes%20t%20case=/6620002 HTTP/1.1
Host: example.net
Accept: */*
Proxy-Connection: Keep-Alive

</protocol>
</verify>
</testcase>

0 comments on commit c6f250c

Please sign in to comment.
You can’t perform that action at this time.