aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES10
-rw-r--r--lib/transfer.c9
-rw-r--r--tests/data/Makefile.am2
-rw-r--r--tests/data/test18767
4 files changed, 86 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index c4d4f4c11..57f2f35f5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,16 @@
Changelog
+Daniel (16 September 2004)
+- Anonymous filed bug report #1029478 which identified a bug when you 1) used
+ a URL without properly seperating the host name and the parameters with a
+ slash. 2) the URL had parameters to the right of a ? that contains a slash
+ 3) curl was told to follow Location:s 4) the request got a response that
+ contained a Location: to redirect to "/dir". curl then appended the new path
+ on the wrong position of the original URL.
+
+ Test case 187 was added to verify that this was fixed properly.
+
Daniel (11 September 2004)
- Added parsedate.[ch] that contains a rewrite of the date parser currently
provided by getdate.y. The new one is MUCH smaller and will allow us to run
diff --git a/lib/transfer.c b/lib/transfer.c
index 2a3d0b10f..7f7211048 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1801,8 +1801,15 @@ CURLcode Curl_follow(struct SessionHandle *data,
/* We got a new absolute path for this server, cut off from the
first slash */
pathsep = strchr(protsep, '/');
- if(pathsep)
+ if(pathsep) {
+ /* When people use badly formatted URLs, such as
+ "http://www.url.com?dir=/home/daniel" we must not use the first
+ slash, if there's a ?-letter before it! */
+ char *sep = strchr(protsep, '?');
+ if(sep && (sep < pathsep))
+ pathsep = sep;
*pathsep=0;
+ }
else {
/* There was no slash. Now, since we might be operating on a badly
formatted URL, such as "http://www.url.com?id=2380" which doesn't
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 8d296c2b1..83c76ad53 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -26,7 +26,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test512 test165 test166 test167 test168 test169 test170 test171 \
test172 test204 test205 test173 test174 test175 test176 test177 \
test513 test514 test178 test179 test180 test181 test182 test183 \
- test184 test185 test186
+ test184 test185 test186 test187
# The following tests have been removed from the dist since they no longer
# work. We need to fix the test suite's FTPS server first, then bring them
diff --git a/tests/data/test187 b/tests/data/test187
new file mode 100644
index 000000000..dbb86023a
--- /dev/null
+++ b/tests/data/test187
@@ -0,0 +1,67 @@
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 This is a weirdo text message
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Location: /root/1870002.txt?coolsite=yes
+Connection: close
+
+This server reply is for testing a simple Location: following
+
+</data>
+<data2>
+HTTP/1.1 200 Followed here fine swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+
+If this is received, the location following worked
+
+</data2>
+<datacheck>
+HTTP/1.1 301 This is a weirdo text message
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Location: /root/1870002.txt?coolsite=yes
+Connection: close
+
+HTTP/1.1 200 Followed here fine swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+
+If this is received, the location following worked
+
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect with bad host name separation and slash in parameters
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT?oh=what-weird=test/187 -L
+</command>
+</test>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /?oh=what-weird=test/187 HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Pragma: no-cache
+Accept: */*
+
+GET /root/1870002.txt?coolsite=yes HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Pragma: no-cache
+Accept: */*
+
+</protocol>
+</verify>