25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

URL path should be tokenized by / and then decoded (EJAB-786).

SVN Revision: 1679
This commit is contained in:
Badlop 2008-11-12 10:03:27 +00:00
parent 9f110a6352
commit 91b328b7d5
2 changed files with 21 additions and 14 deletions

View File

@ -1,7 +1,8 @@
2008-11-12 Badlop <badlop@process-one.net> 2008-11-12 Badlop <badlop@process-one.net>
* src/web/ejabberd_http.erl: Include recognized headers in * src/web/ejabberd_http.erl: Include recognized headers in
request_headers as atoms, and others as strings (EJAB-778) request_headers as atoms, and others as strings (EJAB-778).
URL path should be tokenized by / and then decoded (EJAB-786).
* doc/guide.tex: Improve legibility of mod_irc example config * doc/guide.tex: Improve legibility of mod_irc example config

View File

@ -327,13 +327,13 @@ process_request(#state{request_method = Method,
{'EXIT', _} -> {'EXIT', _} ->
process_request(false); process_request(false);
{NPath, Query} -> {NPath, Query} ->
LPath = [path_decode(NPE) || NPE <- string:tokens(NPath, "/")],
LQuery = case (catch parse_urlencoded(Query)) of LQuery = case (catch parse_urlencoded(Query)) of
{'EXIT', _Reason} -> {'EXIT', _Reason} ->
[]; [];
LQ -> LQ ->
LQ LQ
end, end,
LPath = string:tokens(NPath, "/"),
{ok, IP} = {ok, IP} =
case SockMod of case SockMod of
gen_tcp -> gen_tcp ->
@ -393,7 +393,7 @@ process_request(#state{request_method = Method,
{'EXIT', _} -> {'EXIT', _} ->
process_request(false); process_request(false);
{NPath, _Query} -> {NPath, _Query} ->
LPath = string:tokens(NPath, "/"), LPath = [path_decode(NPE) || NPE <- string:tokens(NPath, "/")],
LQuery = case (catch parse_urlencoded(Data)) of LQuery = case (catch parse_urlencoded(Data)) of
{'EXIT', _Reason} -> {'EXIT', _Reason} ->
[]; [];
@ -599,17 +599,9 @@ crypt(S) when is_binary(S) ->
% notice as well as this list of conditions. % notice as well as this list of conditions.
%% url decode the path and return {Path, QueryPart} %% @doc Split the URL and return {Path, QueryPart}
url_decode_q_split(Path) -> url_decode_q_split(Path) ->
url_decode_q_split(Path, []). url_decode_q_split(Path, []).
url_decode_q_split([$%, Hi, Lo | Tail], Ack) ->
Hex = hex_to_integer([Hi, Lo]),
if Hex == 0 -> exit(badurl);
true -> ok
end,
url_decode_q_split(Tail, [Hex|Ack]);
url_decode_q_split([$?|T], Ack) -> url_decode_q_split([$?|T], Ack) ->
%% Don't decode the query string here, that is parsed separately. %% Don't decode the query string here, that is parsed separately.
{path_norm_reverse(Ack), T}; {path_norm_reverse(Ack), T};
@ -618,6 +610,20 @@ url_decode_q_split([H|T], Ack) when H /= 0 ->
url_decode_q_split([], Ack) -> url_decode_q_split([], Ack) ->
{path_norm_reverse(Ack), []}. {path_norm_reverse(Ack), []}.
%% @doc Decode a part of the URL and return string()
path_decode(Path) ->
path_decode(Path, []).
path_decode([$%, Hi, Lo | Tail], Ack) ->
Hex = hex_to_integer([Hi, Lo]),
if Hex == 0 -> exit(badurl);
true -> ok
end,
path_decode(Tail, [Hex|Ack]);
path_decode([H|T], Ack) when H /= 0 ->
path_decode(T, [H|Ack]);
path_decode([], Ack) ->
lists:reverse(Ack).
path_norm_reverse("/" ++ T) -> start_dir(0, "/", T); path_norm_reverse("/" ++ T) -> start_dir(0, "/", T);
path_norm_reverse( T) -> start_dir(0, "", T). path_norm_reverse( T) -> start_dir(0, "", T).