RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-01 09:00:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
c0e2ff202b
haproxy/include/common
History
Willy Tarreau 62ba9ba6ca BUG/MINOR: http: make url_decode() optionally convert '+' to SP 
The url_decode() function used by the url_dec converter and a few other
call points is ambiguous on its processing of the '+' character which
itself isn't stable in the spec. This one belongs to the reserved
characters for the query string but not for the path nor the scheme,
in which it must be left as-is. It's only in argument strings that
follow the application/x-www-form-urlencoded encoding that it must be
turned into a space, that is, in query strings and POST arguments.

The problem is that the function is used to process full URLs and
paths in various configs, and to process query strings from the stats
page for example.

This patch updates the function to differentiate the situation where
it's parsing a path and a query string. A new argument indicates if a
query string should be assumed, otherwise it's only assumed after seeing
a question mark.

The various locations in the code making use of this function were
updated to take care of this (most call places were using it to decode
POST arguments).

The url_dec converter is usually called on path or url samples, so it
needs to remain compatible with this and will default to parsing a path
and turning the '+' to a space only after a question mark. However in
situations where it would explicitly be extracted from a POST or a
query string, it now becomes possible to enforce the decoding by passing
a non-null value in argument.

It seems to be what was reported in issue #585. This fix may be
backported to older stable releases.
2020-04-23 20:03:27 +02:00
..
base64.h
buf.h MINOR: buf: Add function to insert a string at an absolute offset in a buffer 2020-03-06 14:12:59 +01:00
buffer.h MEDIUM: buffer: remove the buffer_wq lock 2020-02-26 10:39:36 +01:00
cfgparse.h
chunk.h MINOR: chunk: implement chunk_strncpy() to copy partial strings 2020-02-14 19:02:06 +01:00
compat.h MINOR: debug: use our own backtrace function on clang+x86_64 2020-03-04 12:04:07 +01:00
compiler.h MINOR: debug: add a new DISGUISE() macro to pass a value as identity 2020-03-14 10:52:46 +01:00
config.h MINOR: compiler: move CPU capabilities definition from config.h and complete them 2020-02-21 16:32:57 +01:00
debug.h MINOR: debug: consume the write() result in BUG_ON() to silence a warning 2020-03-14 10:58:35 +01:00
defaults.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
errors.h
fcgi.h
h1.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
h2.h MINOR: h2: add a function to report H2 error codes as strings 2019-11-25 11:34:26 +01:00
hash.h BUG/MAJOR: hashes: fix the signedness of the hash inputs 2020-01-16 08:23:42 +01:00
hathreads.h MEDIUM: fd: Introduce a running mask, and use it instead of the spinlock. 2020-03-17 15:30:07 +01:00
hpack-dec.h
hpack-enc.h
hpack-huff.h
hpack-tbl.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
http-hdr.h
http.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
htx.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
initcall.h
ist.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
istbuf.h
memory.h MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc. 2020-03-18 15:55:35 +01:00
mini-clist.h MINOR: lists: fix indentation. 2020-03-11 21:41:13 +01:00
namespace.h
net_helper.h CLEANUP: net_helper: Do not negate the result of unlikely 2020-02-25 07:30:49 +01:00
openssl-compat.h CLEANUP: ssl: use the refcount for the SSL_CTX' 2020-04-08 16:52:51 +02:00
regex.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00
standard.h BUG/MINOR: http: make url_decode() optionally convert '+' to SP 2020-04-23 20:03:27 +02:00
template.h
ticks.h
time.h BUILD: remove obsolete support for -mregparm / USE_REGPARM 2020-02-25 07:41:47 +01:00
tools.h BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent 2020-01-22 15:55:55 +01:00
uri_auth.h
version.h MINOR: version: this is development again, update the status 2019-11-25 20:38:32 +01:00
xref.h CLEANUP: assorted typo fixes in the code and comments 2020-03-14 09:42:07 +01:00