diff options
author | Daniel Stenberg <daniel@haxx.se> | 2000-11-06 08:12:30 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2000-11-06 08:12:30 +0000 |
commit | b6bb734215a40238ada3a02c9fcddcf5bf934c2c (patch) | |
tree | 3cc72d3adc03b94ba8a86c1ae8a9be4c4f56ac2f | |
parent | e7736324b4750e6d1536ea7f6d603c82a361dbdb (diff) |
Emmanuel Tychon found a problem when specifying user-name only in a URL
(and the password entered interactively). This fix also includes proper
URL-decoding of the user name and password if specified in the URL.
-rw-r--r-- | lib/url.c | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -109,6 +109,7 @@ #include "progress.h" #include "cookie.h" #include "strequal.h" +#include "escape.h" /* And now for the protocols */ #include "ftp.h" @@ -1129,17 +1130,35 @@ CURLcode curl_connect(CURL *curl, CURLconnect **in_connect) if(*conn->name != ':') { /* the name is given, get user+password */ - sscanf(conn->name, "%127[^:]:%127[^@]", + sscanf(conn->name, "%127[^:@]:%127[^@]", data->user, data->passwd); } else /* no name given, get the password only */ sscanf(conn->name+1, "%127[^@]", data->passwd); + if(data->user[0]) { + char *newname=curl_unescape(data->user, 0); + if(strlen(newname) < sizeof(data->user)) { + strcpy(data->user, newname); + } + /* if the new name is longer than accepted, then just use + the unconverted name, it'll be wrong but what the heck */ + free(newname); + } + /* check for password, if no ask for one */ if( !data->passwd[0] ) { my_getpass("password:",data->passwd,sizeof(data->passwd)); } + else { + /* we have a password found in the URL, decode it! */ + char *newpasswd=curl_unescape(data->passwd, 0); + if(strlen(newpasswd) < sizeof(data->passwd)) { + strcpy(data->passwd, newpasswd); + } + free(newpasswd); + } conn->name = ++ptr; data->bits.user_passwd=1; /* enable user+password */ |