diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2010-08-19 22:56:23 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2010-08-19 22:56:23 +0300 |
| commit | 9ee4f03712925b1fe7634ca66d8d421e676e5b58 (patch) | |
| tree | 0d83e191de91b27bafdd28583e8963e6908fd61c /blob.c | |
| parent | aa008d0769a8e2c1f529b92585659336c0f11953 (diff) | |
| download | squark-9ee4f03712925b1fe7634ca66d8d421e676e5b58.tar.bz2 squark-9ee4f03712925b1fe7634ca66d8d421e676e5b58.tar.xz | |
filter: do not modify deniedurl cgi parameter
Keep the modifications (which are needed for key lookup) inside the
lookup routine. This includes e.g. lower casing the URL. This way
can pass the exact original request string to our block page script.
This also changes the way 'www123.' is stripped from the request.
Diffstat (limited to 'blob.c')
| -rw-r--r-- | blob.c | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -1,3 +1,6 @@ +#include <ctype.h> +#include <string.h> + #include "blob.h" /* RFC 3986 section 2.3 Unreserved Characters (January 2005) */ @@ -162,6 +165,20 @@ void blob_push(blob_t *b, blob_t d) } } +void blob_push_lower(blob_t *b, blob_t d) +{ + int i; + + if (b->len < d.len) { + *b = BLOB_NULL; + return; + } + for (i = 0; i < d.len; i++) + b->ptr[i] = tolower(d.ptr[i]); + b->ptr += d.len; + b->len -= d.len; +} + void blob_push_byte(blob_t *b, unsigned char byte) { if (b->len) { @@ -219,9 +236,6 @@ void blob_push_urldecode(blob_t *to, blob_t url) do { blob_pull_matching(&url, BLOB_STR("/")); b = blob_pull_cspn(&url, BLOB_STR("/")); - if (blob_is_null(url) && blob_is_null(b)) - break; - if (blob_is_null(b) || blob_cmp(b, BLOB_STR(".")) == 0) { /* skip '.' or two consecutive / */ } else if (blob_cmp(b, BLOB_STR("..")) == 0) { @@ -232,7 +246,7 @@ void blob_push_urldecode(blob_t *to, blob_t url) blob_push_byte(to, '/'); blob_push(to, b); } - } while (1); + } while (!blob_is_null(url)); } void blob_push_urlencode(blob_t *to, blob_t url) |