? .gdbinit
? bozohttpd
? bozohttpd.html8
? testsuite/tmp.t1.out
? testsuite/tmp.t10.out
? testsuite/tmp.t2.out
? testsuite/tmp.t3.out
? testsuite/tmp.t4.out
? testsuite/tmp.t5.out
? testsuite/tmp.t6.out
? testsuite/tmp.t7.out
? testsuite/tmp.t8.out
? testsuite/tmp.t9.out
Index: CHANGES
===================================================================
RCS file: /home/cvs/bozohttpd/CHANGES,v
retrieving revision 1.78
diff -p -r1.78 CHANGES
*** CHANGES 18 Nov 2011 01:25:11 -0000 1.78
--- CHANGES 18 Jul 2012 08:23:43 -0000
***************
*** 1,5 ****
--- 1,8 ----
$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
+ changes since bozohttpd 20111118:
+ o properly escape generated URIs
+
changes since bozohttpd 20100920:
o add -P option, from jmmv@netbsd.org
o avoid crashes with http basic auth, from pooka@netbsd.org
Index: bozohttpd.c
===================================================================
RCS file: /home/cvs/bozohttpd/bozohttpd.c,v
retrieving revision 1.178
diff -p -r1.178 bozohttpd.c
*** bozohttpd.c 18 Nov 2011 09:21:15 -0000 1.178
--- bozohttpd.c 18 Jul 2012 08:23:43 -0000
*************** parse_http_date(const char *val, time_t
*** 842,847 ****
--- 842,905 ----
}
/*
+ * given an url, encode it ala rfc 3986. ie, escape ? and friends.
+ * note that this function returns a static buffer, and thus needs
+ * to be updated for any sort of parallel processing.
+ */
+ char *
+ escape_rfc3986(bozohttpd_t *httpd, const char *url)
+ {
+ static char *buf;
+ static size_t buflen = 0;
+ size_t len;
+ const char *s;
+ char *d;
+
+ len = strlen(url);
+ if (buflen < len * 3 + 1) {
+ buflen = len * 3 + 1;
+ buf = bozorealloc(httpd, buf, buflen);
+ }
+
+ if (url == NULL) {
+ buf[0] = 0;
+ return buf;
+ }
+
+ for (s = url, d = buf; *s;) {
+ switch (*s) {
+ case ':':
+ case '/':
+ case '?':
+ case '#':
+ case '[':
+ case ']':
+ case '@':
+ case '!':
+ case '$':
+ case '&':
+ case '\'':
+ case '(':
+ case ')':
+ case '*':
+ case '+':
+ case ',':
+ case ';':
+ case '=':
+ /* encode it */
+ snprintf(d, 4, "%%%02X", *s++);
+ d += 3;
+ len += 3;
+ default:
+ *d++ = *s++;
+ len++;
+ }
+ }
+
+ return buf;
+ }
+
+ /*
* checks to see if this request has a valid .bzdirect file. returns
* 0 on failure and 1 on success.
*/
*************** handle_redirect(bozo_httpreq_t *request,
*** 893,902 ****
url = urlbuf;
} else
urlbuf = NULL;
! if (request->hr_query && strlen(request->hr_query)) {
query = 1;
- }
if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0)
snprintf(portbuf, sizeof(portbuf), ":%s",
--- 951,960 ----
url = urlbuf;
} else
urlbuf = NULL;
+ url = escape_rfc3986(request->hr_httpd, url);
! if (request->hr_query && strlen(request->hr_query))
query = 1;
if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0)
snprintf(portbuf, sizeof(portbuf), ":%s",
*************** handle_redirect(bozo_httpreq_t *request,
*** 913,921 ****
if (absolute == 0)
bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf);
if (query) {
! bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query);
} else {
! bozo_printf(httpd, "%s\r\n", url);
}
}
bozo_printf(httpd, "\r\n");
--- 971,979 ----
if (absolute == 0)
bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf);
if (query) {
! bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query);
} else {
! bozo_printf(httpd, "%s\r\n", url);
}
}
bozo_printf(httpd, "\r\n");
*************** handle_redirect(bozo_httpreq_t *request,
*** 925,940 ****
bozo_printf(httpd, "Document Moved
\n");
bozo_printf(httpd, "This document had moved hr_query);
! else
! bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname, portbuf, url,
! request->hr_query);
! } else {
! if (absolute)
! bozo_printf(httpd, "%s", url);
! else
! bozo_printf(httpd, "%s%s%s", httpd->virthostname, portbuf, url);
}
bozo_printf(httpd, "\">here\n");
bozo_printf(httpd, "