From 1b4ad51d0a49e96f1af79498afdb509a3c70b784 Mon Sep 17 00:00:00 2001 From: Gaucho316 Date: Sat, 29 Dec 2012 17:53:05 +0100 Subject: [PATCH] nhttpd: don't decode URL parameters multiple times --- .../tuxboxapi/coolstream/controlapi.cpp | 2 +- src/nhttpd/yhttpd_core/helper.cpp | 2 +- src/nhttpd/yhttpd_core/yrequest.cpp | 19 ++++++++++++------- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/nhttpd/tuxboxapi/coolstream/controlapi.cpp b/src/nhttpd/tuxboxapi/coolstream/controlapi.cpp index fc902669d..f212fab5f 100644 --- a/src/nhttpd/tuxboxapi/coolstream/controlapi.cpp +++ b/src/nhttpd/tuxboxapi/coolstream/controlapi.cpp @@ -1569,7 +1569,7 @@ void CControlAPI::StartPluginCGI(CyhookHandler *hh) if (hh->ParamList["name"] != "") { pluginname = hh->ParamList["name"]; - pluginname=decodeString(pluginname); + //pluginname=decodeString(pluginname); NeutrinoAPI->EventServer->sendEvent(NeutrinoMessages::EVT_START_PLUGIN, CEventServer::INITID_HTTPD, (void *) pluginname.c_str(), diff --git a/src/nhttpd/yhttpd_core/helper.cpp b/src/nhttpd/yhttpd_core/helper.cpp index e2449fbbd..d8a6630aa 100644 --- a/src/nhttpd/yhttpd_core/helper.cpp +++ b/src/nhttpd/yhttpd_core/helper.cpp @@ -214,7 +214,7 @@ std::string decodeString(std::string encodedString) { return result; } //----------------------------------------------------------------------------- -// Encode URLEncoded std::string +// HTMLEncode std::string //----------------------------------------------------------------------------- std::string encodeString(std::string decodedString) { unsigned int len = sizeof(char) * decodedString.length() * 5 + 1; diff --git a/src/nhttpd/yhttpd_core/yrequest.cpp b/src/nhttpd/yhttpd_core/yrequest.cpp index f684f9ddd..679b5c1ce 100644 --- a/src/nhttpd/yhttpd_core/yrequest.cpp +++ b/src/nhttpd/yhttpd_core/yrequest.cpp @@ -160,6 +160,7 @@ bool CWebserverRequest::ParseParams(std::string param_string) { if (!ySplitStringExact(param_string, "&", param, param_string)) ende = true; if (ySplitStringExact(param, "=", name, value)) { + name = decodeString(name); value = trim(decodeString(value)); if (ParameterList[name].empty()) ParameterList[name] = value; @@ -168,11 +169,10 @@ bool CWebserverRequest::ParseParams(std::string param_string) { ParameterList[name] += value; } } + else + name = trim(decodeString(name)); number = string_printf("%d", ParameterList.size() + 1); log_level_printf(7, "ParseParams: name: %s value: %s\n", name.c_str(), value.c_str()); - if(value.empty()){ - name = trim(decodeString(name)); - } ParameterList[number] = name; } return true; @@ -212,19 +212,24 @@ bool CWebserverRequest::ParseHeader(std::string header) { // query data is splitted and stored in ParameterList //----------------------------------------------------------------------------- void CWebserverRequest::analyzeURL(std::string url) { + std::string fullurl = ""; if(!ParameterList.empty()) ParameterList.clear(); + // URI decode - url = trim(url, "\r\n"); // non-HTTP-Standard: allow \r or \n in URL. Delete it. - UrlData["fullurl"] = url; + fullurl = decodeString(url); + fullurl = trim(fullurl, "\r\n"); // non-HTTP-Standard: allow \r or \n in URL. Delete it. + UrlData["fullurl"] = fullurl; + // split Params if (ySplitString(url, "?", UrlData["url"], UrlData["paramstring"])){ // split pure URL and all Params + UrlData["url"] = decodeString(UrlData["url"]); ParseParams( UrlData["paramstring"]); // split params to ParameterList }else{ // No Params - url = decodeString(url); - UrlData["url"] = url; + UrlData["url"] = fullurl; } + if (!ySplitStringLast(UrlData["url"], "/", UrlData["path"], UrlData["filename"])) { UrlData["path"] = "/"; // Set "/" if not contained