From e093da01dcefac72502b4fa0c8375760cf98934e Mon Sep 17 00:00:00 2001 From: Roland Reichwein Date: Sun, 19 Apr 2020 18:17:48 +0200 Subject: Bugfix: urldecode --- plugins/webbox/webbox.cpp | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/webbox/webbox.cpp b/plugins/webbox/webbox.cpp index 3cfd616..7d15ee9 100644 --- a/plugins/webbox/webbox.cpp +++ b/plugins/webbox/webbox.cpp @@ -30,6 +30,7 @@ namespace { static const std::string PROGRAMVERSION{"Webbox 2.0"}; static const std::string DOWNLOAD_FILENAME{"webbox-download.zip"}; + // TODO: separate out class Tempfile { fs::path m_path; @@ -65,6 +66,36 @@ namespace { { "500", "Internal Server Error" } }; + std::string urlDecode(std::string s) + { + std::string result; + + size_t pos = 0; + while (pos < s.size()) { + char c {s[pos]}; + if (c == '+') { + result += ' '; + } else if (c == '%' && pos + 2 < s.size()) { + try { + int i = stoi(s.substr(pos + 1, 2), 0, 16); + if (i < 0 || i > 255) + return result; + + result += static_cast(i); + } catch (...) { + return result; + } + + pos += 2; + } else { + result += c; + } + pos++; + } + + return result; + } + std::unordered_map ParseQueryString(std::string s) { std::unordered_map result; @@ -75,7 +106,7 @@ namespace { for (auto i: list) { pos = i.find('='); if (pos != i.npos) { - result[i.substr(0, pos)] = i.substr(pos + 1); + result[urlDecode(i.substr(0, pos))] = urlDecode(i.substr(pos + 1)); } } } @@ -145,7 +176,7 @@ public: } // Set parameters from FastCGI request environment - m_pathInfo = p.m_GetRequestParam("rel_target"); + m_pathInfo = urlDecode(p.m_GetRequestParam("rel_target")); size_t pos {m_pathInfo.find('?')}; if (pos != m_pathInfo.npos) { m_pathInfo = m_pathInfo.substr(0, pos); -- cgit v1.2.3