diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-05-14 14:37:12 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-05-14 17:59:47 +0200 |
commit | 600a8cded447cd7118ed50142c576567c0cf5158 (patch) | |
tree | b375eac991c046e6bad38c1527b100673662d3cb /lib | |
parent | e2a7a6bb9ee9be1f203ce23fd7e112d9fa37b35b (diff) |
url: make the updated credentials URL-encoded in the URL
Found-by: Gregory Jefferis
Reported-by: Jeroen Ooms
Added test 1168 to verify. Bug spotted when doing a redirect.
Bug: https://github.com/jeroen/curl/issues/224
Closes #5400
Diffstat (limited to 'lib')
-rw-r--r-- | lib/url.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -2788,12 +2788,14 @@ static CURLcode override_login(struct Curl_easy *data, /* for updated strings, we update them in the URL */ if(user_changed) { - uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); + uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, + CURLU_URLENCODE); if(uc) return Curl_uc_to_curlcode(uc); } if(passwd_changed) { - uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); + uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, + CURLU_URLENCODE); if(uc) return Curl_uc_to_curlcode(uc); } |