aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2000-11-06 08:12:30 +0000
committerDaniel Stenberg <daniel@haxx.se>2000-11-06 08:12:30 +0000
commitb6bb734215a40238ada3a02c9fcddcf5bf934c2c (patch)
tree3cc72d3adc03b94ba8a86c1ae8a9be4c4f56ac2f /lib
parente7736324b4750e6d1536ea7f6d603c82a361dbdb (diff)
Emmanuel Tychon found a problem when specifying user-name only in a URL
(and the password entered interactively). This fix also includes proper URL-decoding of the user name and password if specified in the URL.
Diffstat (limited to 'lib')
-rw-r--r--lib/url.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/lib/url.c b/lib/url.c
index 492192ed0..590348029 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -109,6 +109,7 @@
#include "progress.h"
#include "cookie.h"
#include "strequal.h"
+#include "escape.h"
/* And now for the protocols */
#include "ftp.h"
@@ -1129,17 +1130,35 @@ CURLcode curl_connect(CURL *curl, CURLconnect **in_connect)
if(*conn->name != ':') {
/* the name is given, get user+password */
- sscanf(conn->name, "%127[^:]:%127[^@]",
+ sscanf(conn->name, "%127[^:@]:%127[^@]",
data->user, data->passwd);
}
else
/* no name given, get the password only */
sscanf(conn->name+1, "%127[^@]", data->passwd);
+ if(data->user[0]) {
+ char *newname=curl_unescape(data->user, 0);
+ if(strlen(newname) < sizeof(data->user)) {
+ strcpy(data->user, newname);
+ }
+ /* if the new name is longer than accepted, then just use
+ the unconverted name, it'll be wrong but what the heck */
+ free(newname);
+ }
+
/* check for password, if no ask for one */
if( !data->passwd[0] ) {
my_getpass("password:",data->passwd,sizeof(data->passwd));
}
+ else {
+ /* we have a password found in the URL, decode it! */
+ char *newpasswd=curl_unescape(data->passwd, 0);
+ if(strlen(newpasswd) < sizeof(data->passwd)) {
+ strcpy(data->passwd, newpasswd);
+ }
+ free(newpasswd);
+ }
conn->name = ++ptr;
data->bits.user_passwd=1; /* enable user+password */