Author: rfm
Date: Tue Feb 7 07:16:38 2017
New Revision: 40328
URL: http://svn.gna.org/viewcvs/gnustep?rev=40328&view=rev
Log:
stricter url encoding
Modified:
libs/webserver/trunk/WebServer.m
Modified: libs/webserver/trunk/WebServer.m
URL:
http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.m?rev=40328&r1=40327&r2=40328&view=diff
==============================================================================
--- libs/webserver/trunk/WebServer.m (original)
+++ libs/webserver/trunk/WebServer.m Tue Feb 7 07:16:38 2017
@@ -271,63 +271,30 @@
NSUInteger spos = 0;
NSUInteger dpos = [d length];
+ /* RFC3986 says that alphanumeric, hyphen, dot, underscore and tilde
+ * are the only characters that should not be escaped in a URL.
+ */
+
[d setLength: dpos + 3 * length];
dst = (uint8_t *)[d mutableBytes];
while (spos < length)
{
uint8_t c = bytes[spos++];
- NSUInteger hi;
- NSUInteger lo;
-
- switch (c)
- {
- case ' ':
- case '!':
- case '"':
- case '#':
- case '$':
- case '%':
- case '&':
- case '(':
- case ')':
- case '*':
- case '+':
- case ',':
- case '/':
- case ':':
- case ';':
- case '<':
- case '=':
- case '>':
- case '?':
- case '@':
- case '[':
- case '\'':
- case '\\':
- case ']':
- case '{':
- case '}':
- dst[dpos++] = '%';
- hi = (c & 0xf0) >> 4;
- dst[dpos++] = (hi > 9) ? 'A' + hi - 10 : '0' + hi;
- lo = (c & 0x0f);
- dst[dpos++] = (lo > 9) ? 'A' + lo - 10 : '0' + lo;
- break;
-
- default:
- if (c < ' ' || c > 127)
- {
- dst[dpos++] = '%';
- hi = (c & 0xf0) >> 4;
- dst[dpos++] = (hi > 9) ? 'A' + hi - 10 : '0' + hi;
- lo = (c & 0x0f);
- dst[dpos++] = (lo > 9) ? 'A' + lo - 10 : '0' + lo;
- }
- else
- {
- dst[dpos++] = c;
- }
- break;
+
+ if (isalnum(c) || '-' == c || '.' == c || '_' == c || '~' == c)
+ {
+ dst[dpos++] = c;
+ }
+ else
+ {
+ uint8_t hi;
+ uint8_t lo;
+
+ dst[dpos++] = '%';
+ hi = (c & 0xf0) >> 4;
+ dst[dpos++] = (hi > 9) ? 'A' + hi - 10 : '0' + hi;
+ lo = (c & 0x0f);
+ dst[dpos++] = (lo > 9) ? 'A' + lo - 10 : '0' + lo;
}
}
[d setLength: dpos];
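Review bot: The `isalnum(c)` test in the new `if` is locale-dependent, so in a process that has selected an 8-bit locale, bytes above 127 may be classified as alphanumeric and copied through unescaped. The removed `c > 127` branch always escaped those bytes, so the new code can be less strict than the old for non-ASCII input, and it would no longer match the RFC3986 unreserved set that the added comment cites. Whether the server ever calls `setlocale` is not visible in this hunk, but explicit ASCII ranges remove the dependency: `if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || '-' == c || '.' == c || '_' == c || '~' == c)`. That form also removes the need for `<ctype.h>`, whose include is not shown here. The enclosing function starts and ends outside the hunk.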