curl_easy_escape: don't escape "unreserved" characters (5df13c31) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/escape.c

+6 −3

Original line number	Diff line number	Diff line
		@@ -43,8 +43,10 @@
		#include "memdebug.h"

		/* Portable character check (remember EBCDIC). Do not use isalnum() because
		its behavior is altered by the current locale. */
		static bool Curl_isalnum(unsigned char in)
		its behavior is altered by the current locale.
		See http://tools.ietf.org/html/rfc3986#section-2.3
		*/
		static bool Curl_isunreserved(unsigned char in)
		{
		switch (in) {
		case '0': case '1': case '2': case '3': case '4':
		@@ -59,6 +61,7 @@ static bool Curl_isalnum(unsigned char in)
		case 'K': case 'L': case 'M': case 'N': case 'O':
		case 'P': case 'Q': case 'R': case 'S': case 'T':
		case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
		case '-': case '.': case '_': case '~':
		return TRUE;
		default:
		break;
		@@ -100,7 +103,7 @@ char curl_easy_escape(CURL handle, const char *string, int inlength)
		while(length--) {
		in = *string;

		if (Curl_isalnum(in)) {
		if (Curl_isunreserved(in)) {
		/* just copy this */
		ns[strindex++]=in;
		}

+2 −2

Original line number	Diff line number	Diff line
		@@ -44,10 +44,10 @@ POST /1015 HTTP/1.1
		User-Agent: curl/7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-C
		Host: %HOSTIP:%HTTPPORT
		Accept: /
		Content-Length: 141
		Content-Length: 133
		Content-Type: application/x-www-form-urlencoded

		my%20name%20is%20moo%5B%5D&y e s=s%5Fi%5Fr&v_alue=content%20to%20%5F%3F%21%23%24%27%7C%3C%3E%0A&content%20to%20%5F%3F%21%23%24%27%7C%3C%3E%0A
		my%20name%20is%20moo%5B%5D&y e s=s_i_r&v_alue=content%20to%20_%3F%21%23%24%27%7C%3C%3E%0A&content%20to%20_%3F%21%23%24%27%7C%3C%3E%0A
		</protocol>
		</verify>
		</testcase>

+1 −1