Commit f37dd0dd3a8e48eb0ee59ba6fe53b6ebf92566b1

Parents: 6a29695be1b5f7746048d170917a031e190f7287

From: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Sat Dec 22 02:38:09 2018 +0700

html: double escape literal + in URLs
It's unclear whether this is correct or whether my server is double
decoding.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Stats

html.c +2/-2

Changeset

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
diff --git a/html.c b/html.c
index 0bac34bcf82b3a31ad3dda25f7c7bcee3d9d8f3a..1b00173560a0d68a717e9aaded468deb4d7d0688 100644
--- a/html.c
+++ b/html.c
@@ -17,7 +17,7 @@ 	"%08", "%09", "%0a", "%0b", "%0c", "%0d", "%0e", "%0f",
 	"%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17",
 	"%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f",
 	"%20", NULL,  "%22", "%23", NULL,  "%25", "%26", "%27",
-	NULL,  NULL,  NULL,  "%2b", NULL,  NULL,  NULL,  NULL,
+	NULL,  NULL,  NULL,  "%252b", NULL,  NULL,  NULL,  NULL,
 	NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,
 	NULL,  NULL,  NULL,  NULL,  "%3c", "%3d", "%3e", "%3f",
 	NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,
@@ -200,7 +200,7 @@ 	const char *t = txt;
 	while (t && *t) {
 		unsigned char c = *t;
 		const char *e = url_escape_table[c];
-		if (e && c != '+' && c != '&') {
+		if (e && c != '&') {
 			html_raw(txt, t - txt);
 			html(e);
 			txt = t + 1;