From 691d0b08f4415ceef1020fc28a99b8e5c4fe3822 Mon Sep 17 00:00:00 2001
From: Fabrizio Furano <furano@cern.ch>
Date: Fri, 20 May 2016 13:47:13 +0200
Subject: [PATCH] Sanitize path by removing repeated slashes, which would
 confuse the browser when used in the html rendering

---
 src/XrdHttp/XrdHttpReq.cc | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/XrdHttp/XrdHttpReq.cc b/src/XrdHttp/XrdHttpReq.cc
index d61cb4b28d8..c970ae3690f 100644
--- a/src/XrdHttp/XrdHttpReq.cc
+++ b/src/XrdHttp/XrdHttpReq.cc
@@ -638,10 +638,19 @@ void XrdHttpReq::appendOpaque(XrdOucString &s, XrdSecEntity *secent, char *hash,
 void XrdHttpReq::parseResource(char *res) {
   // Look for the first '?'
   char *p = strchr(res, '?');
-
+  
   // Not found, then it's just a filename
   if (!p) {
     resource.assign(res, 0);
+    
+    // Sanitize the resource string, removing double slashes
+    int pos;
+    do { 
+      pos = resource.find("//", pos);
+      if (pos != STR_NPOS)
+        resource.erase(pos, 1);
+    } while (pos != STR_NPOS);
+    
     return;
   }
 
@@ -653,7 +662,15 @@ void XrdHttpReq::parseResource(char *res) {
   // Whatever comes after is opaque data to be parsed
   if (strlen(p) > 1)
     opaque = new XrdOucEnv(p + 1);
-
+    
+  // Sanitize the resource string, removing double slashes
+  int pos;
+  do { 
+    pos = resource.find("//", pos);
+    if (pos != STR_NPOS)
+      resource.erase(pos, 1);
+  } while (pos != STR_NPOS);
+  
 }
 
 int XrdHttpReq::ProcessHTTPReq() {