diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-06-23 16:13:50 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-06-25 09:57:18 +0200 |
commit | 31e53584db5879894809fbde5445aac7553ac3e2 (patch) | |
tree | 2cdf73cadcb2bbc0e7d9308ef46b9a4a7e44db23 /lib/urlapi.c | |
parent | 646cc574f0b72723906224824a57cd37ee88e9df (diff) | |
download | curl-31e53584db5879894809fbde5445aac7553ac3e2.tar.gz |
escape: make the URL decode able to reject only %00 bytes
... or all "control codes" or nothing.
Assisted-by: Nicolas Sterchele
Diffstat (limited to 'lib/urlapi.c')
-rw-r--r-- | lib/urlapi.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/urlapi.c b/lib/urlapi.c index 37937fbca..398364b34 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -1185,7 +1185,10 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what, if(urldecode) { char *decoded; size_t dlen; - CURLcode res = Curl_urldecode(NULL, *part, 0, &decoded, &dlen, TRUE); + /* this unconditional rejection of control bytes is documented + API behavior */ + CURLcode res = Curl_urldecode(NULL, *part, 0, &decoded, &dlen, + REJECT_CTRL); free(*part); if(res) { *part = NULL; |