Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user name

and password fields properly in URLs, like ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix.
author: Daniel Stenberg <daniel@haxx.se> 2004-10-14 13:44:54 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2004-10-14 13:44:54 +0000
commit: e8f85cba0f8c19369d39b1c6616dc51dae1dd179 (patch)
tree: 0ba45c10cc1e443272b7ec668c5d87b8a66717ca
parent: 1aba99b1e74114743e5302dd0512ccd5c5aedbae (diff)
download: curl-e8f85cba0f8c19369d39b1c6616dc51dae1dd179.tar.gz
6 files changed, 67 insertions, 11 deletions
diff --git a/CHANGES b/CHANGES
index 4272f3ec3..4f5850241 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel (14 October 2004)
+- Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user
+  name and password fields properly in URLs, like
+  ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix.
+
 Daniel (11 October 2004)
 - libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or
   later is one) to inhibit the SIGPIPE signal when writing to a socket while
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1c82b8118..8611f70cc 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -21,6 +21,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o URLs with ?-letters in the user name or password fields
  o libcurl error message is now provided when send() fails
  o no more SIGPIPE on Mac OS X and other SO_NOSIGPIPE-supporting platforms
  o HTTP resume was refused if redirected
@@ -61,6 +62,8 @@ Other curl-related news since the previous public release:
  o tclcurl version 0.12.1
    http://personal1.iddeo.es/andresgarci/tclcurl/english/
  o libcurl.NET was announce: http://www.seasideresearch.com/downloads.html
+ o Get your fresh Mozilla-extracted ca cert bundle here:
+   http://curl.haxx.se/docs/caextract.html
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
@@ -71,6 +74,6 @@ advice from friends like these:
  Jean-Claude Chauve, Dan Fandrich, Peter Sylvester, "Mekonikum", Jean-Philippe
  Barrette-LaPierre, G�nter Knauf, Larry Campbell, Fedor Karpelevitch,
  Aleksandar Milivojevic, Gisle Vanem, Chris "Bob Bob", Chih-Chung Chang,
- Andy Cedilnik, Alan Pinstein
+ Andy Cedilnik, Alan Pinstein, Eric Vergnaud 
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/TODO-RELEASE b/TODO-RELEASE
index 90138c625..5ce661fb0 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -5,8 +5,6 @@ To get fixed in 7.12.2 (planned release: mid October 2004)
 
 50 - threaded windows resolver problem reported by Traian Nicolescu
 
-51 - ?-letters in user name or password in ftp:// URLs
-
 To get fixed in 7.12.3 (planned release: December 2004)
 ======================
 
diff --git a/lib/url.c b/lib/url.c
index db7cf2ab5..e84d05489 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2175,6 +2175,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
                                  bool *async)
 {
   char *tmp;
+  char *at;
   CURLcode result=CURLE_OK;
   struct connectdata *conn;
   struct connectdata *conn_temp;
@@ -2349,13 +2350,8 @@ static CURLcode CreateConnection(struct SessionHandle *data,
     /* Set default path */
     strcpy(conn->path, "/");
 
-    /* We need to search for '/' OR '?' - whichever comes first after host
-     * name but before the path. We need to change that to handle things like
-     * http://example.com?param= (notice the missing '/'). Later we'll insert
-     * that missing slash at the beginning of the path.
-     */
     if (2 > sscanf(data->change.url,
-                   "%15[^\n:]://%[^\n/?]%[^\n]",
+                   "%15[^\n:]://%[^\n/]%[^\n]",
                    conn->protostr,
                    conn->host.name, conn->path)) {
 
@@ -2363,7 +2359,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
        * The URL was badly formatted, let's try the browser-style _without_
        * protocol specified like 'http://'.
        */
-      if((1 > sscanf(data->change.url, "%[^\n/?]%[^\n]",
+      if((1 > sscanf(data->change.url, "%[^\n/]%[^\n]",
                      conn->host.name, conn->path)) ) {
         /*
          * We couldn't even get this format.
@@ -2404,6 +2400,27 @@ static CURLcode CreateConnection(struct SessionHandle *data,
     }
   }
 
+  /* We search for '?' in the host name (but only on the right side of a
+   * @-letter to allow ?-letters in username and password) to handle things
+   * like http://example.com?param= (notice the missing '/').
+   */
+  at = strchr(conn->host.name, '@');
+  if(at)
+    tmp = strchr(at+1, '?');
+  else
+    tmp = strchr(conn->host.name, '?');
+
+  if(tmp) {
+    /* The right part of the ?-letter needs to be moved to prefix
+       the current path buffer! */
+    size_t len = strlen(tmp);
+    /* move the existing path plus the zero byte */
+    memmove(conn->path+len+1, conn->path, strlen(conn->path)+1);
+    conn->path[0]='/'; /* prepend the missing slash */
+    memcpy(conn->path+1, tmp, len); /* now copy the prefix part */
+    *tmp=0; /* now cut off the hostname at the ? */
+  }
+
   /* If the URL is malformatted (missing a '/' after hostname before path) we
    * insert a slash here. The only letter except '/' we accept to start a path
    * is '?'.
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 7a00695c0..3a317ea59 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -26,7 +26,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	\
  test512 test165 test166 test167 test168 test169 test170 test171	\
  test172 test204 test205 test173 test174 test175 test176 test177	\
  test513 test514 test178 test179 test180 test181 test182 test183	\
- test184 test185 test186 test187 test188 test189
+ test184 test185 test186 test187 test188 test189 test191
 
 # The following tests have been removed from the dist since they no longer
 # work. We need to fix the test suite's FTPS server first, then bring them
diff --git a/tests/data/test191 b/tests/data/test191
new file mode 100644
index 000000000..c3baf57bc
--- /dev/null
+++ b/tests/data/test191
@@ -0,0 +1,33 @@
+# Server-side
+<reply>
+<data>
+data in file
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+ftp
+</server>
+ <name>
+FTP URL with ?-letters in username and password 
+ </name>
+ <command>
+"ftp://use?r:pass?word@%HOSTIP:%FTPPORT/191"
+</command>
+</test>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER use?r
+PASS pass?word
+PWD
+EPSV
+TYPE I
+SIZE 191
+RETR 191
+QUIT
+</protocol>
+</verify>
author	Daniel Stenberg <daniel@haxx.se>	2004-10-14 13:44:54 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2004-10-14 13:44:54 +0000
commit	e8f85cba0f8c19369d39b1c6616dc51dae1dd179 (patch)
tree	0ba45c10cc1e443272b7ec668c5d87b8a66717ca
parent	1aba99b1e74114743e5302dd0512ccd5c5aedbae (diff)
download	curl-e8f85cba0f8c19369d39b1c6616dc51dae1dd179.tar.gz