39 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			39 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001
 | |
| From: Daniel Stenberg <daniel@haxx.se>
 | |
| Date: Thu, 14 May 2020 14:37:12 +0200
 | |
| Subject: [PATCH] url: make the updated credentials URL-encoded in the URL
 | |
| 
 | |
| Found-by: Gregory Jefferis
 | |
| Reported-by: Jeroen Ooms
 | |
| Added test 1168 to verify. Bug spotted when doing a redirect.
 | |
| Bug: https://github.com/jeroen/curl/issues/224
 | |
| Closes #5400
 | |
| ---
 | |
|  lib/url.c               |  6 ++--
 | |
|  tests/data/Makefile.inc |  1 +
 | |
|  tests/data/test1168     | 78 +++++++++++++++++++++++++++++++++++++++++
 | |
|  3 files changed, 83 insertions(+), 2 deletions(-)
 | |
|  create mode 100644 tests/data/test1168
 | |
| 
 | |
| diff --git a/lib/url.c b/lib/url.c
 | |
| index f250f2ff20a..9b8b2bdde64 100644
 | |
| --- a/lib/url.c
 | |
| +++ b/lib/url.c
 | |
| @@ -2788,12 +2788,14 @@ static CURLcode override_login(struct Curl_easy *data,
 | |
|  
 | |
|    /* for updated strings, we update them in the URL */
 | |
|    if(user_changed) {
 | |
| -    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
 | |
| +    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
 | |
| +                      CURLU_URLENCODE);
 | |
|      if(uc)
 | |
|        return Curl_uc_to_curlcode(uc);
 | |
|    }
 | |
|    if(passwd_changed) {
 | |
| -    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
 | |
| +    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
 | |
| +                      CURLU_URLENCODE);
 | |
|      if(uc)
 | |
|        return Curl_uc_to_curlcode(uc);
 | |
|    }
 | 
