[shibboleth-sp2] 01/05: https://issues.shibboleth.net/jira/browse/SSPCPP-239
Ferenc Wágner
wferi-guest at moszumanska.debian.org
Tue Jan 26 21:30:14 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi-guest pushed a commit to annotated tag 1.3.4
in repository shibboleth-sp2.
commit 2973df74c551971add96936ff70de71649d996c8
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Mon Aug 24 19:46:52 2009 +0000
https://issues.shibboleth.net/jira/browse/SSPCPP-239
---
adfs/adfs.cpp | 4 ++--
shib-target/shib-handlers.cpp | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index d0b776c..bc1d5b3 100644
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -241,7 +241,7 @@ CgiParse::url_decode(char *url)
for(x=0,y=0;url[y];++x,++y)
{
- if((url[x] = url[y]) == '%')
+ if((url[x] = url[y]) == '%' && isxdigit(url[y+1]) && isxdigit(url[y+2]))
{
url[x] = x2c(&url[y+1]);
y+=2;
@@ -257,7 +257,7 @@ static inline char hexchar(unsigned short s)
string CgiParse::url_encode(const char* s)
{
- static char badchars[]="\"\\+<>#%{}|^~[]`;/?:@=&";
+ static char badchars[]="\"\\+<>#%{}|^~[]`,;/?:@=&";
string ret;
for (; *s; s++) {
diff --git a/shib-target/shib-handlers.cpp b/shib-target/shib-handlers.cpp
index 84c742d..701a9dd 100644
--- a/shib-target/shib-handlers.cpp
+++ b/shib-target/shib-handlers.cpp
@@ -522,7 +522,7 @@ CgiParse::url_decode(char *url)
for(x=0,y=0;url[y];++x,++y)
{
- if((url[x] = url[y]) == '%')
+ if((url[x] = url[y]) == '%' && isxdigit(url[y+1]) && isxdigit(url[y+2]))
{
url[x] = x2c(&url[y+1]);
y+=2;
@@ -538,7 +538,7 @@ static inline char hexchar(unsigned short s)
string CgiParse::url_encode(const char* s)
{
- static char badchars[]="\"\\+<>#%{}|^~[]()'`;/?:@=&";
+ static char badchars[]="\"\\+<>#%{}|^~[](),'`;/?:@=&";
string ret;
for (; *s; s++) {
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git
More information about the Pkg-shibboleth-devel
mailing list