archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-05-03 00:40:12 +00:00
Code Issues Projects Releases Wiki Activity

Decode url before checking for question mark ()

Browse source 
* decode url before checking for question mark

* use only buffer

* dont populate url_query_string_decoded when no question mark
This commit is contained in:
Emmanuel Vasilakis 2023-07-18 14:33:18 +03:00 committed by GitHub
parent f427d80b9e
commit a8055794b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 14 deletions

22
web/server/web_client.c
View file

@ -2259,7 +2259,6 @@ ssize_t web_client_receive(struct web_client *w)
return(bytes); return(bytes);
} }
void web_client_decode_path_and_query_string(struct web_client *w, const char *path_and_query_string) { void web_client_decode_path_and_query_string(struct web_client *w, const char *path_and_query_string) {
char buffer[NETDATA_WEB_REQUEST_URL_SIZE + 2]; char buffer[NETDATA_WEB_REQUEST_URL_SIZE + 2];
buffer[0] = '\0'; buffer[0] = '\0';
@ -2281,29 +2280,24 @@ void web_client_decode_path_and_query_string(struct web_client *w, const char *p
} }
else { else {
// in non-stream mode, there is a path // in non-stream mode, there is a path
// FIXME - the way this is implemented, query string params never accept the symbol &, not even encoded as %26 // FIXME - the way this is implemented, query string params never accept the symbol &, not even encoded as %26
// To support the symbol & in query string params, we need to turn the url_query_string_decoded into a // To support the symbol & in query string params, we need to turn the url_query_string_decoded into a
// dictionary and decode each of the parameters individually. // dictionary and decode each of the parameters individually.
// OR: in url_query_string_decoded use as separator a control character that cannot appear in the URL. // OR: in url_query_string_decoded use as separator a control character that cannot appear in the URL.
char *question_mark_start = strchr(path_and_query_string, '?'); url_decode_r(buffer, path_and_query_string, NETDATA_WEB_REQUEST_URL_SIZE + 1);
if (question_mark_start)
url_decode_r(buffer, question_mark_start, NETDATA_WEB_REQUEST_URL_SIZE + 1);
buffer[NETDATA_WEB_REQUEST_URL_SIZE + 1] = '\0';
buffer_strcat(w->url_query_string_decoded, buffer);
char *question_mark_start = strchr(buffer, '?');
if (question_mark_start) { if (question_mark_start) {
buffer_strcat(w->url_query_string_decoded, question_mark_start);
char c = *question_mark_start; char c = *question_mark_start;
*question_mark_start = '\0'; *question_mark_start = '\0';
url_decode_r(buffer, path_and_query_string, NETDATA_WEB_REQUEST_URL_SIZE + 1); buffer_strcat(w->url_path_decoded, buffer);
*question_mark_start = c; *question_mark_start = c;
} else } else {
url_decode_r(buffer, path_and_query_string, NETDATA_WEB_REQUEST_URL_SIZE + 1); buffer_strcat(w->url_query_string_decoded, "");
buffer_strcat(w->url_path_decoded, buffer);
buffer[NETDATA_WEB_REQUEST_URL_SIZE + 1] = '\0'; }
buffer_strcat(w->url_path_decoded, buffer);
} }
} }