mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-22 17:28:25 +01:00
URL path should be tokenized by / and then decoded (EJAB-786).
SVN Revision: 1679
This commit is contained in:
parent
9f110a6352
commit
91b328b7d5
@ -1,7 +1,8 @@
|
||||
2008-11-12 Badlop <badlop@process-one.net>
|
||||
|
||||
* src/web/ejabberd_http.erl: Include recognized headers in
|
||||
request_headers as atoms, and others as strings (EJAB-778)
|
||||
request_headers as atoms, and others as strings (EJAB-778).
|
||||
URL path should be tokenized by / and then decoded (EJAB-786).
|
||||
|
||||
* doc/guide.tex: Improve legibility of mod_irc example config
|
||||
|
||||
|
@ -327,13 +327,13 @@ process_request(#state{request_method = Method,
|
||||
{'EXIT', _} ->
|
||||
process_request(false);
|
||||
{NPath, Query} ->
|
||||
LPath = [path_decode(NPE) || NPE <- string:tokens(NPath, "/")],
|
||||
LQuery = case (catch parse_urlencoded(Query)) of
|
||||
{'EXIT', _Reason} ->
|
||||
[];
|
||||
LQ ->
|
||||
LQ
|
||||
end,
|
||||
LPath = string:tokens(NPath, "/"),
|
||||
{ok, IP} =
|
||||
case SockMod of
|
||||
gen_tcp ->
|
||||
@ -393,7 +393,7 @@ process_request(#state{request_method = Method,
|
||||
{'EXIT', _} ->
|
||||
process_request(false);
|
||||
{NPath, _Query} ->
|
||||
LPath = string:tokens(NPath, "/"),
|
||||
LPath = [path_decode(NPE) || NPE <- string:tokens(NPath, "/")],
|
||||
LQuery = case (catch parse_urlencoded(Data)) of
|
||||
{'EXIT', _Reason} ->
|
||||
[];
|
||||
@ -599,17 +599,9 @@ crypt(S) when is_binary(S) ->
|
||||
% notice as well as this list of conditions.
|
||||
|
||||
|
||||
%% url decode the path and return {Path, QueryPart}
|
||||
|
||||
%% @doc Split the URL and return {Path, QueryPart}
|
||||
url_decode_q_split(Path) ->
|
||||
url_decode_q_split(Path, []).
|
||||
|
||||
url_decode_q_split([$%, Hi, Lo | Tail], Ack) ->
|
||||
Hex = hex_to_integer([Hi, Lo]),
|
||||
if Hex == 0 -> exit(badurl);
|
||||
true -> ok
|
||||
end,
|
||||
url_decode_q_split(Tail, [Hex|Ack]);
|
||||
url_decode_q_split([$?|T], Ack) ->
|
||||
%% Don't decode the query string here, that is parsed separately.
|
||||
{path_norm_reverse(Ack), T};
|
||||
@ -618,6 +610,20 @@ url_decode_q_split([H|T], Ack) when H /= 0 ->
|
||||
url_decode_q_split([], Ack) ->
|
||||
{path_norm_reverse(Ack), []}.
|
||||
|
||||
%% @doc Decode a part of the URL and return string()
|
||||
path_decode(Path) ->
|
||||
path_decode(Path, []).
|
||||
path_decode([$%, Hi, Lo | Tail], Ack) ->
|
||||
Hex = hex_to_integer([Hi, Lo]),
|
||||
if Hex == 0 -> exit(badurl);
|
||||
true -> ok
|
||||
end,
|
||||
path_decode(Tail, [Hex|Ack]);
|
||||
path_decode([H|T], Ack) when H /= 0 ->
|
||||
path_decode(T, [H|Ack]);
|
||||
path_decode([], Ack) ->
|
||||
lists:reverse(Ack).
|
||||
|
||||
path_norm_reverse("/" ++ T) -> start_dir(0, "/", T);
|
||||
path_norm_reverse( T) -> start_dir(0, "", T).
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user