diff options
| -rw-r--r-- | CHANGES | 10 | ||||
| -rw-r--r-- | lib/transfer.c | 9 | ||||
| -rw-r--r-- | tests/data/Makefile.am | 2 | ||||
| -rw-r--r-- | tests/data/test187 | 67 |
4 files changed, 86 insertions, 2 deletions
@@ -6,6 +6,16 @@ Changelog +Daniel (16 September 2004) +- Anonymous filed bug report #1029478 which identified a bug when you 1) used + a URL without properly seperating the host name and the parameters with a + slash. 2) the URL had parameters to the right of a ? that contains a slash + 3) curl was told to follow Location:s 4) the request got a response that + contained a Location: to redirect to "/dir". curl then appended the new path + on the wrong position of the original URL. + + Test case 187 was added to verify that this was fixed properly. + Daniel (11 September 2004) - Added parsedate.[ch] that contains a rewrite of the date parser currently provided by getdate.y. The new one is MUCH smaller and will allow us to run diff --git a/lib/transfer.c b/lib/transfer.c index 2a3d0b10f..7f7211048 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -1801,8 +1801,15 @@ CURLcode Curl_follow(struct SessionHandle *data, /* We got a new absolute path for this server, cut off from the first slash */ pathsep = strchr(protsep, '/'); - if(pathsep) + if(pathsep) { + /* When people use badly formatted URLs, such as + "http://www.url.com?dir=/home/daniel" we must not use the first + slash, if there's a ?-letter before it! */ + char *sep = strchr(protsep, '?'); + if(sep && (sep < pathsep)) + pathsep = sep; *pathsep=0; + } else { /* There was no slash. Now, since we might be operating on a badly formatted URL, such as "http://www.url.com?id=2380" which doesn't diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 8d296c2b1..83c76ad53 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -26,7 +26,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ test512 test165 test166 test167 test168 test169 test170 test171 \ test172 test204 test205 test173 test174 test175 test176 test177 \ test513 test514 test178 test179 test180 test181 test182 test183 \ - test184 test185 test186 + test184 test185 test186 test187 # The following tests have been removed from the dist since they no longer # work. We need to fix the test suite's FTPS server first, then bring them diff --git a/tests/data/test187 b/tests/data/test187 new file mode 100644 index 000000000..dbb86023a --- /dev/null +++ b/tests/data/test187 @@ -0,0 +1,67 @@ +# Server-side +<reply> +<data> +HTTP/1.1 301 This is a weirdo text message +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: /root/1870002.txt?coolsite=yes +Connection: close + +This server reply is for testing a simple Location: following + +</data> +<data2> +HTTP/1.1 200 Followed here fine swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake + +If this is received, the location following worked + +</data2> +<datacheck> +HTTP/1.1 301 This is a weirdo text message +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: /root/1870002.txt?coolsite=yes +Connection: close + +HTTP/1.1 200 Followed here fine swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake + +If this is received, the location following worked + +</datacheck> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +HTTP redirect with bad host name separation and slash in parameters + </name> + <command> +http://%HOSTIP:%HTTPPORT?oh=what-weird=test/187 -L +</command> +</test> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /?oh=what-weird=test/187 HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Pragma: no-cache
+Accept: */*
+
+GET /root/1870002.txt?coolsite=yes HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Pragma: no-cache
+Accept: */*
+
+</protocol> +</verify> |