-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | dpi/datauri.c | 17 | ||||
-rw-r--r-- | dpi/dpiutil.c | 22 | ||||
-rw-r--r-- | dpi/dpiutil.h | 6 |
4 files changed, 45 insertions, 1 deletions
@@ -20,6 +20,7 @@ dillo-2.2 [??] - Bugfix: remove the empty cache entry lingering after connection abort. - Switched capi to use dlib's Dlist instead of a_List_* methods. - Remove empty cache entries on Stop-button press and new link request! + - Fixed URL unescaping in the datauri DPI. Patches: Jorge Arellano Cid +- Fix segfault from AREA when MAP is missing name attribute. - Fix image map coordinates when margin/border/padding present. diff --git a/dpi/datauri.c b/dpi/datauri.c index d620176b..9f35841b 100644 --- a/dpi/datauri.c +++ b/dpi/datauri.c @@ -15,6 +15,8 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <ctype.h> +#include <errno.h> #include "../dpip/dpip.h" #include "dpiutil.h" @@ -35,7 +37,19 @@ */ static SockHandler *sh = NULL; +static void b64strip_illegal_chars(unsigned char* str) +{ + unsigned char *p, *s = str; + + MSG("len=%d{%s}\n", strlen((char*)str), str); + for (p = s; (*p = *s); ++s) { + if (isalnum(*p) || strchr("+/=", *p)) + ++p; + } + + MSG("len=%d{%s}\n", strlen((char *)str), str); +} static int b64decode(unsigned char* str) { @@ -255,7 +269,8 @@ static unsigned char *datauri_get_data(char *url, size_t *p_sz) if (p) { ++p; if (is_base64) { - data = (unsigned char *)dStrdup(p); + data = (unsigned char *)Unescape_uri_str(p); + b64strip_illegal_chars(data); *p_sz = (size_t) b64decode(data); } else { data = (unsigned char *)a_Url_decode_hex_str(p, p_sz); diff --git a/dpi/dpiutil.c b/dpi/dpiutil.c index b1affe95..8edf9ace 100644 --- a/dpi/dpiutil.c +++ b/dpi/dpiutil.c 
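Review bot: Both `MSG("len=%d{%s}\n", strlen(...), str)` calls in `b64strip_illegal_chars` pass a `size_t` where `%d` expects an `int`, which is a format/argument mismatch (assuming MSG is printf-like); cast the length, e.g. `MSG("len=%d\n", (int)strlen((char *)str));`. They also print the entire payload of a page-supplied data: URI before and after filtering, which looks like leftover debugging, so I would drop the `{%s}` part or the calls altogether. The function has no comment; something like `/* Compact str in place, keeping only base64 alphabet characters [A-Za-z0-9+/=] */` would document the contract. `isalnum()` is locale-dependent, so if a non-"C" locale is ever set, bytes >= 0x80 could pass the filter; an explicit range check avoids that.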
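Review bot: In the base64 branch of `datauri_get_data`, `*p_sz = (size_t) b64decode(data);` still trusts the `int` result unconditionally, even though the input is now percent-decoded and filtered first. If `b64decode` can return a negative value on malformed input (its body is outside this diff), the cast turns that into a huge length for the caller; consider `int n = b64decode(data); *p_sz = n > 0 ? (size_t)n : 0;`. A short comment on the ordering would also help, e.g. `/* unescape first: %2B, %2F, %3D and escaped whitespace must be decoded before filtering */`. The function starts and ends outside the hunk.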
@@ -57,6 +57,28 @@ char *Escape_uri_str(const char *str, const char *p_esc_set) return p; } +/* + * Unescape %XX sequences in a string. + * Return value: a new unescaped string + */ +char *Unescape_uri_str(const char *s) +{ + char *p, *buf = dStrdup(s); + + if (strchr(s, '%')) { + for (p = buf; (*p = *s); ++s, ++p) { + if (*p == '%' && isxdigit(s[1]) && isxdigit(s[2])) { + *p = (isdigit(s[1]) ? (s[1] - '0') : toupper(s[1]) - 'A' + 10)*16; + *p += isdigit(s[2]) ? (s[2] - '0') : toupper(s[2]) - 'A' + 10; + s += 2; + } + } + } + + return buf; +} + + static const char *unsafe_chars = "&<>\"'"; static const char *unsafe_rep[] = { "&", "<", ">", """, "'" }; diff --git a/dpi/dpiutil.h b/dpi/dpiutil.h index 239f5862..b137fa0c 100644 --- a/dpi/dpiutil.h +++ b/dpi/dpiutil.h @@ -72,6 +72,12 @@ void sock_handler_free(SockHandler *sh); char *Escape_uri_str(const char *str, const char *p_esc_set); /* + * Unescape %XX sequences in a string. + * Return value: a new unescaped string + */ +char *Unescape_uri_str(const char *str); + +/* * Escape unsafe characters as html entities. * Return value: New escaped string. */ |
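Review bot: `Unescape_uri_str` passes plain `char` values to `isxdigit()`, `isdigit()` and `toupper()`; where `char` is signed, a byte >= 0x80 in the URL becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. Cast at each call, e.g. `isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])`. Also, `%00` decodes to an embedded NUL, so any caller that treats the result as a C string silently sees it truncated at that point; the comment here and in dpiutil.h should say so, and state that the caller owns and must free the returned buffer. This diff adds `<ctype.h>` to datauri.c but not to dpiutil.c, so confirm it is already included there.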