From 5df13c31735fa089d5344fde13b66ace1ea473d1 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 28 Sep 2010 23:46:14 +0200 Subject: curl_easy_escape: don't escape "unreserved" characters According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be percent-encoded. Reported by: Miguel Diaz Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html --- lib/escape.c | 9 ++++++--- tests/data/test1015 | 4 ++-- tests/data/test58 | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/escape.c b/lib/escape.c index 37d21e799..735e1d8a7 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -43,8 +43,10 @@ #include "memdebug.h" /* Portable character check (remember EBCDIC). Do not use isalnum() because -its behavior is altered by the current locale. */ -static bool Curl_isalnum(unsigned char in) + its behavior is altered by the current locale. + See http://tools.ietf.org/html/rfc3986#section-2.3 +*/ +static bool Curl_isunreserved(unsigned char in) { switch (in) { case '0': case '1': case '2': case '3': case '4': @@ -59,6 +61,7 @@ static bool Curl_isalnum(unsigned char in) case 'K': case 'L': case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z': + case '-': case '.': case '_': case '~': return TRUE; default: break; @@ -100,7 +103,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength) while(length--) { in = *string; - if (Curl_isalnum(in)) { + if (Curl_isunreserved(in)) { /* just copy this */ ns[strindex++]=in; } diff --git a/tests/data/test1015 b/tests/data/test1015 index cb916fd17..c16746646 100644 --- a/tests/data/test1015 +++ b/tests/data/test1015 @@ -44,10 +44,10 @@ POST /1015 HTTP/1.1 User-Agent: curl/7.17.2-CVS (i686-pc-linux-gnu) libcurl/7.17.2-CVS OpenSSL/0.9.8g zlib/1.2.3.3 c-ares/1.5.2-CVS libidn/1.1 libssh2/0.19.0-C Host: %HOSTIP:%HTTPPORT Accept: */* -Content-Length: 141 +Content-Length: 133 Content-Type: application/x-www-form-urlencoded -my%20name%20is%20moo%5B%5D&y e s=s%5Fi%5Fr&v_alue=content%20to%20%5F%3F%21%23%24%27%7C%3C%3E%0A&content%20to%20%5F%3F%21%23%24%27%7C%3C%3E%0A +my%20name%20is%20moo%5B%5D&y e s=s_i_r&v_alue=content%20to%20_%3F%21%23%24%27%7C%3C%3E%0A&content%20to%20_%3F%21%23%24%27%7C%3C%3E%0A diff --git a/tests/data/test58 b/tests/data/test58 index 82811df9f..1bd53fa27 100644 --- a/tests/data/test58 +++ b/tests/data/test58 @@ -39,7 +39,7 @@ a few bytes ^User-Agent:.* -PUT /we/want/58te%5B%5Dst%2Etxt HTTP/1.1 +PUT /we/want/58te%5B%5Dst.txt HTTP/1.1 Host: %HOSTIP:%HTTPPORT Accept: */* Content-Length: 12 -- cgit v1.2.3