mirror of
https://github.com/mpv-player/mpv
synced 2024-12-21 06:14:32 +00:00
Fix url escaping and avoid double escape
Patch by adland, approved by Bertrand Baudet git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@12392 b3059339-0415-0410-9bf9-f77b7e298cf2
This commit is contained in:
parent
8ef87c44bb
commit
0fec6dd1e3
@ -175,12 +175,12 @@ http_build_request( HTTP_header_t *http_hdr ) {
|
||||
if( http_hdr->method==NULL ) http_set_method( http_hdr, "GET");
|
||||
if( http_hdr->uri==NULL ) http_set_uri( http_hdr, "/");
|
||||
else {
|
||||
uri = (char*)malloc((strlen(http_hdr->uri)*3) + 1);
|
||||
uri = (char*)malloc(strlen(http_hdr->uri) + 1);
|
||||
if( uri==NULL ) {
|
||||
mp_msg(MSGT_NETWORK,MSGL_ERR,"Memory allocation failed\n");
|
||||
return NULL;
|
||||
}
|
||||
url_escape_string( uri, http_hdr->uri );
|
||||
strcpy(uri,http_hdr->uri);
|
||||
}
|
||||
|
||||
//**** Compute the request length
|
||||
|
@ -113,7 +113,6 @@ static void smb_auth_fn(const char *server, const char *share,
|
||||
|
||||
stream_t* open_stream(char* filename,char** options, int* file_format){
|
||||
stream_t* stream=NULL;
|
||||
char *escfilename=NULL;
|
||||
int f=-1;
|
||||
off_t len;
|
||||
|
||||
@ -486,11 +485,7 @@ if(strncmp("dvd://",filename,6) == 0){
|
||||
strncmp("vcd://", filename, 6) && strncmp("dvb://", filename, 6) &&
|
||||
strncmp("cdda://", filename, 7) && strncmp("cddb://", filename, 7) &&
|
||||
strstr(filename, "://")) {
|
||||
//fix filenames with special characters
|
||||
escfilename = malloc(strlen(filename)*4);
|
||||
url_escape_string(escfilename,filename);
|
||||
mp_msg(MSGT_OPEN,MSGL_V,"Filename for url is now %s\n",escfilename);
|
||||
url = url_new(escfilename);
|
||||
url = url_new(filename);
|
||||
}
|
||||
if(url) {
|
||||
if (strcmp(url->protocol, "smb")==0){
|
||||
|
@ -8,6 +8,7 @@
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include "url.h"
|
||||
#include "mp_msg.h"
|
||||
@ -16,33 +17,58 @@ URL_t*
|
||||
url_new(const char* url) {
|
||||
int pos1, pos2,v6addr = 0;
|
||||
URL_t* Curl;
|
||||
char *escfilename=NULL;
|
||||
char *unescfilename=NULL;
|
||||
char *ptr1=NULL, *ptr2=NULL, *ptr3=NULL, *ptr4=NULL;
|
||||
int jumpSize = 3;
|
||||
|
||||
if( url==NULL ) return NULL;
|
||||
|
||||
// Create temp filename space
|
||||
unescfilename=malloc(strlen(url)+1);
|
||||
if (!unescfilename ) {
|
||||
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n");
|
||||
return NULL;
|
||||
}
|
||||
escfilename=malloc(strlen(url)*3+1);
|
||||
if (!escfilename ) {
|
||||
free(unescfilename);
|
||||
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Create the URL container
|
||||
Curl = (URL_t*)malloc(sizeof(URL_t));
|
||||
if( Curl==NULL ) {
|
||||
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n");
|
||||
if (unescfilename) free(unescfilename);
|
||||
if (escfilename) free(escfilename);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
// Initialisation of the URL container members
|
||||
memset( Curl, 0, sizeof(URL_t) );
|
||||
|
||||
//create unescaped/escaped versions of url
|
||||
url_unescape_string(unescfilename,url); // this is to prevent us from escaping an unescaped string
|
||||
// violating RFC 2396
|
||||
url_escape_string(escfilename,unescfilename);
|
||||
free(unescfilename);
|
||||
|
||||
// Copy the url in the URL container
|
||||
Curl->url = strdup(url);
|
||||
Curl->url = strdup(escfilename);
|
||||
if( Curl->url==NULL ) {
|
||||
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n");
|
||||
url_free(Curl);
|
||||
return NULL;
|
||||
}
|
||||
mp_msg(MSGT_OPEN,MSGL_V,"Filename for url is now %s\n",escfilename);
|
||||
|
||||
// extract the protocol
|
||||
ptr1 = strstr(url, "://");
|
||||
ptr1 = strstr(escfilename, "://");
|
||||
if( ptr1==NULL ) {
|
||||
// Check for a special case: "sip:" (without "//"):
|
||||
if (strstr(url, "sip:") == url) {
|
||||
if (strstr(escfilename, "sip:") == escfilename) {
|
||||
ptr1 = (char *)&url[3]; // points to ':'
|
||||
jumpSize = 1;
|
||||
} else {
|
||||
@ -51,9 +77,9 @@ url_new(const char* url) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
pos1 = ptr1-url;
|
||||
pos1 = ptr1-escfilename;
|
||||
Curl->protocol = (char*)malloc(pos1+1);
|
||||
strncpy(Curl->protocol, url, pos1);
|
||||
strncpy(Curl->protocol, escfilename, pos1);
|
||||
if( Curl->protocol==NULL ) {
|
||||
mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n");
|
||||
url_free(Curl);
|
||||
@ -99,7 +125,7 @@ url_new(const char* url) {
|
||||
Curl->password[len2]='\0';
|
||||
}
|
||||
ptr1 = ptr2+1;
|
||||
pos1 = ptr1-url;
|
||||
pos1 = ptr1-escfilename;
|
||||
}
|
||||
|
||||
// before looking for a port number check if we have an IPv6 type numeric address
|
||||
@ -129,16 +155,16 @@ url_new(const char* url) {
|
||||
if( ptr3==NULL ) {
|
||||
// No path/filename
|
||||
// So we have an URL like http://www.hostname.com
|
||||
pos2 = strlen(url);
|
||||
pos2 = strlen(escfilename);
|
||||
} else {
|
||||
// We have an URL like http://www.hostname.com/file.txt
|
||||
pos2 = ptr3-url;
|
||||
pos2 = ptr3-escfilename;
|
||||
}
|
||||
} else {
|
||||
// We have an URL beginning like http://www.hostname.com:1212
|
||||
// Get the port number
|
||||
Curl->port = atoi(ptr2+1);
|
||||
pos2 = ptr2-url;
|
||||
pos2 = ptr2-escfilename;
|
||||
}
|
||||
if( v6addr ) pos2--;
|
||||
// copy the hostname in the URL container
|
||||
@ -177,6 +203,7 @@ url_new(const char* url) {
|
||||
strcpy(Curl->file, "/");
|
||||
}
|
||||
|
||||
free(escfilename);
|
||||
return Curl;
|
||||
}
|
||||
|
||||
@ -195,16 +222,16 @@ url_free(URL_t* url) {
|
||||
|
||||
/* Replace escape sequences in an URL (or a part of an URL) */
|
||||
/* works like strcpy(), but without return argument */
|
||||
/* unescape_url_string comes from ASFRecorder */
|
||||
void
|
||||
url_unescape_string(char *outbuf, const char *inbuf)
|
||||
{
|
||||
unsigned char c;
|
||||
do {
|
||||
c = *inbuf++;
|
||||
if (c == '%') {
|
||||
unsigned char c1 = *inbuf++;
|
||||
unsigned char c2 = *inbuf++;
|
||||
unsigned char c,c1,c2;
|
||||
int i,len=strlen(inbuf);
|
||||
for (i=0;i<len;i++){
|
||||
c = inbuf[i];
|
||||
if (c == '%' && i<len-2) { //must have 2 more chars
|
||||
c1 = toupper(inbuf[i+1]); // we need uppercase characters
|
||||
c2 = toupper(inbuf[i+2]);
|
||||
if ( ((c1>='0' && c1<='9') || (c1>='A' && c1<='F')) &&
|
||||
((c2>='0' && c2<='9') || (c2>='A' && c2<='F')) ) {
|
||||
if (c1>='0' && c1<='9') c1-='0';
|
||||
@ -212,20 +239,29 @@ url_unescape_string(char *outbuf, const char *inbuf)
|
||||
if (c2>='0' && c2<='9') c2-='0';
|
||||
else c2-='A'-10;
|
||||
c = (c1<<4) + c2;
|
||||
i=i+2; //only skip next 2 chars if valid esc
|
||||
}
|
||||
}
|
||||
*outbuf++ = c;
|
||||
} while (c != '\0');
|
||||
}
|
||||
*outbuf++='\0'; //add nullterm to string
|
||||
}
|
||||
|
||||
/* Replace specific characters in the URL string by an escape sequence */
|
||||
/* works like strcpy(), but without return argument */
|
||||
/* escape_url_string comes from ASFRecorder */
|
||||
void
|
||||
url_escape_string(char *outbuf, const char *inbuf) {
|
||||
unsigned char c;
|
||||
do {
|
||||
c = *inbuf++;
|
||||
unsigned char c,c1,c2;
|
||||
int i,len=strlen(inbuf);
|
||||
|
||||
for (i=0;i<len;i++) {
|
||||
c = inbuf[i];
|
||||
if ((c=='%') && i<len-2 ) { //need 2 more characters
|
||||
c1=toupper(inbuf[i+1]); c2=toupper(inbuf[i+2]); // need uppercase chars
|
||||
} else {
|
||||
c1=129; c2=129; //not escape chars
|
||||
}
|
||||
|
||||
if( (c >= 'A' && c <= 'Z') ||
|
||||
(c >= 'a' && c <= 'z') ||
|
||||
(c >= '0' && c <= '9') ||
|
||||
@ -234,12 +270,21 @@ url_escape_string(char *outbuf, const char *inbuf) {
|
||||
c=='*' || c=='\'' || c=='(' || c==')' || /* do not touch escape character */
|
||||
c==';' || c=='/' || c=='?' || c==':' || c=='@' || /* reserved characters */
|
||||
c=='&' || c=='=' || c=='+' || c=='$' || c==',' || /* see RFC 2396 */
|
||||
c=='\0' ) {
|
||||
c=='\0' ) { /* string term char */
|
||||
*outbuf++ = c;
|
||||
} else if ( c=='%' && ((c1 >= '0' && c1 <= '9') || (c1 >= 'A' && c1 <= 'F')) &&
|
||||
((c2 >= '0' && c2 <= '9') || (c2 >= 'A' && c2 <= 'F'))) {
|
||||
// check if part of an escape sequence
|
||||
*outbuf++=c; // already
|
||||
|
||||
// dont escape again
|
||||
mp_msg(MSGT_NETWORK,MSGL_ERR,"string appears to be already escaped in url_escape %c%c1%c2\n",c,c1,c2);
|
||||
// error as this should not happen against RFC 2396
|
||||
// to escape a string twice
|
||||
} else {
|
||||
/* all others will be escaped */
|
||||
unsigned char c1 = ((c & 0xf0) >> 4);
|
||||
unsigned char c2 = (c & 0x0f);
|
||||
c1 = ((c & 0xf0) >> 4);
|
||||
c2 = (c & 0x0f);
|
||||
if (c1 < 10) c1+='0';
|
||||
else c1+='A'-10;
|
||||
if (c2 < 10) c2+='0';
|
||||
@ -248,7 +293,8 @@ url_escape_string(char *outbuf, const char *inbuf) {
|
||||
*outbuf++ = c1;
|
||||
*outbuf++ = c2;
|
||||
}
|
||||
} while (c != '\0');
|
||||
}
|
||||
*outbuf++='\0';
|
||||
}
|
||||
|
||||
#ifdef __URL_DEBUG
|
||||
|
Loading…
Reference in New Issue
Block a user