mirrors/neutrino
1
0
Fork 0
mirror of https://github.com/tuxbox-neutrino/neutrino.git synced 2025-08-27 07:23:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

nhttpd: don't decode URL parameters multiple times

Browse Source
This commit is contained in:
Gaucho316
2012-12-29 17:53:05 +01:00
committed by micha-bbg
parent 4965619a79
commit 1b4ad51d0a
3 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nhttpd/tuxboxapi/coolstream/controlapi.cpp
View File

@@ -1569,7 +1569,7 @@ void CControlAPI::StartPluginCGI(CyhookHandler *hh)
if (hh->ParamList["name"] != "") if (hh->ParamList["name"] != "")
{ {
pluginname = hh->ParamList["name"]; pluginname = hh->ParamList["name"];
pluginname=decodeString(pluginname); //pluginname=decodeString(pluginname);
NeutrinoAPI->EventServer->sendEvent(NeutrinoMessages::EVT_START_PLUGIN, NeutrinoAPI->EventServer->sendEvent(NeutrinoMessages::EVT_START_PLUGIN,
CEventServer::INITID_HTTPD, CEventServer::INITID_HTTPD,
(void *) pluginname.c_str(), (void *) pluginname.c_str(),

2
src/nhttpd/yhttpd_core/helper.cpp
View File

@@ -214,7 +214,7 @@ std::string decodeString(std::string encodedString) {
return result; return result;
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Encode URLEncoded std::string // HTMLEncode std::string
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
std::string encodeString(std::string decodedString) { std::string encodeString(std::string decodedString) {
unsigned int len = sizeof(char) * decodedString.length() * 5 + 1; unsigned int len = sizeof(char) * decodedString.length() * 5 + 1;

19
src/nhttpd/yhttpd_core/yrequest.cpp
View File

@@ -160,6 +160,7 @@ bool CWebserverRequest::ParseParams(std::string param_string) {
if (!ySplitStringExact(param_string, "&", param, param_string)) if (!ySplitStringExact(param_string, "&", param, param_string))
ende = true; ende = true;
if (ySplitStringExact(param, "=", name, value)) { if (ySplitStringExact(param, "=", name, value)) {
name = decodeString(name);
value = trim(decodeString(value)); value = trim(decodeString(value));
if (ParameterList[name].empty()) if (ParameterList[name].empty())
ParameterList[name] = value; ParameterList[name] = value;
@@ -168,11 +169,10 @@ bool CWebserverRequest::ParseParams(std::string param_string) {
ParameterList[name] += value; ParameterList[name] += value;
} }
} }
else
name = trim(decodeString(name));
number = string_printf("%d", ParameterList.size() + 1); number = string_printf("%d", ParameterList.size() + 1);
log_level_printf(7, "ParseParams: name: %s value: %s\n", name.c_str(), value.c_str()); log_level_printf(7, "ParseParams: name: %s value: %s\n", name.c_str(), value.c_str());
if(value.empty()){
name = trim(decodeString(name));
}
ParameterList[number] = name; ParameterList[number] = name;
} }
return true; return true;
@@ -212,19 +212,24 @@ bool CWebserverRequest::ParseHeader(std::string header) {
// query data is splitted and stored in ParameterList // query data is splitted and stored in ParameterList
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
void CWebserverRequest::analyzeURL(std::string url) { void CWebserverRequest::analyzeURL(std::string url) {
std::string fullurl = "";
if(!ParameterList.empty()) if(!ParameterList.empty())
ParameterList.clear(); ParameterList.clear();
// URI decode // URI decode
url = trim(url, "\r\n"); // non-HTTP-Standard: allow \r or \n in URL. Delete it. fullurl = decodeString(url);
UrlData["fullurl"] = url; fullurl = trim(fullurl, "\r\n"); // non-HTTP-Standard: allow \r or \n in URL. Delete it.
UrlData["fullurl"] = fullurl;
// split Params // split Params
if (ySplitString(url, "?", UrlData["url"], UrlData["paramstring"])){ // split pure URL and all Params if (ySplitString(url, "?", UrlData["url"], UrlData["paramstring"])){ // split pure URL and all Params
UrlData["url"] = decodeString(UrlData["url"]);
ParseParams( UrlData["paramstring"]); // split params to ParameterList ParseParams( UrlData["paramstring"]); // split params to ParameterList
}else{ }else{
// No Params // No Params
url = decodeString(url); UrlData["url"] = fullurl;
UrlData["url"] = url;
} }
if (!ySplitStringLast(UrlData["url"], "/", UrlData["path"], if (!ySplitStringLast(UrlData["url"], "/", UrlData["path"],
UrlData["filename"])) { UrlData["filename"])) {
UrlData["path"] = "/"; // Set "/" if not contained UrlData["path"] = "/"; // Set "/" if not contained