diff options
| author |   semarie <semarie@openbsd.org> | 2015-06-23 17:25:01 +0000 |
|---|---|---|
| committer | semarie <semarie@openbsd.org> | 2015-06-23 17:25:01 +0000 |
| commit | 0788fdf8a0d42bab9595052fbd4e0987bb6426c0 (patch) | |
| tree | 5e58bcc664e986586b214ee1ddb8fcec31082b23 | |
| parent | remove a deprecated character class. (diff) | |
| download | wireguard-openbsd-0788fdf8a0d42bab9595052fbd4e0987bb6426c0.tar.xz wireguard-openbsd-0788fdf8a0d42bab9595052fbd4e0987bb6426c0.zip | |
escape the matched substrings before using it in expansion.
ok reyk@
| -rw-r--r-- | usr.sbin/httpd/server_http.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 146b1420350..112bb0013ca 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.83 2015/06/23 15:23:14 reyk Exp $ */ +/* $OpenBSD: server_http.c,v 1.84 2015/06/23 17:25:01 semarie Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -911,8 +911,11 @@ server_expand_http(struct client *clt, const char *val, char *buf, return (NULL); /* Expand variable with matched value */ - if (expand_string(buf, len, ibuf, - clt->clt_srv_match.sm_match[n]) != 0) + if ((str = url_encode(clt->clt_srv_match.sm_match[n])) == NULL) + return (NULL); + ret = expand_string(buf, len, ibuf, str); + free(str); + if (ret != 0) return (NULL); } if (strstr(val, "$DOCUMENT_URI") != NULL) { |