url: make the updated credentials URL-encoded in the URLbagder/http-auth-urlencode-password

Found-by: Gregory Jefferis Reported-by: Jeroen Ooms Added test 1168 to verify. Bug spotted when doing a redirect. Bug: https://github.com/jeroen/curl/issues/224
author: Daniel Stenberg <daniel@haxx.se> 2020-05-14 14:37:12 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2020-05-14 14:39:12 +0200
commit: b670f229e0a4def9b6e0fb4cc478243b8984543d (patch)
tree: 21e0c3b1a16d1bd4d9858dc9845795661f0ace53 /lib
parent: 61504b5ef97079439157277c9bafea220695e64d (diff)
download: curl-bagder/http-auth-urlencode-password.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/url.c b/lib/url.c
index f250f2ff2..9b8b2bdde 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2788,12 +2788,14 @@ static CURLcode override_login(struct Curl_easy *data,
 
   /* for updated strings, we update them in the URL */
   if(user_changed) {
-    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
+    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
+                      CURLU_URLENCODE);
     if(uc)
       return Curl_uc_to_curlcode(uc);
   }
   if(passwd_changed) {
-    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
+    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
+                      CURLU_URLENCODE);
     if(uc)
       return Curl_uc_to_curlcode(uc);
   }
author	Daniel Stenberg <daniel@haxx.se>	2020-05-14 14:37:12 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2020-05-14 14:39:12 +0200
commit	b670f229e0a4def9b6e0fb4cc478243b8984543d (patch)
tree	21e0c3b1a16d1bd4d9858dc9845795661f0ace53 /lib
parent	61504b5ef97079439157277c9bafea220695e64d (diff)
download	curl-bagder/http-auth-urlencode-password.tar.gz