curl/lib/escape.c

/*****************************************************************************
 *                                  _   _ ____  _     
 *  Project                     ___| | | |  _ \| |    
 *                             / __| | | | |_) | |    
 *                            | (__| |_| |  _ <| |___ 
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2000, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * In order to be useful for every potential user, curl and libcurl are
 * dual-licensed under the MPL and the MIT/X-derivate licenses.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the MPL or the MIT/X-derivate
 * licenses. You may pick one of these licenses.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * $Id$
 *****************************************************************************/

/* Escape and unescape URL encoding in strings. The functions return a new
 * allocated string or NULL if an error occurred.  */

#include "setup.h"
#include <curl/curl.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The last #include file should be: */
#ifdef MALLOCDEBUG
#include "memdebug.h"
#endif

char *curl_escape(char *string)
{
   int alloc=strlen(string)+1;
   char *ns = malloc(alloc);
   unsigned char in;
   int newlen = alloc;
   int index=0;

   while(*string) {
      in = *string;
      if(' ' == in)
	 ns[index++] = '+';
      else if(!(in >= 'a' && in <= 'z') &&
	      !(in >= 'A' && in <= 'Z') &&
	      !(in >= '0' && in <= '9')) {
	 /* encode it */
	 newlen += 2; /* the size grows with two, since this'll become a %XX */
	 if(newlen > alloc) {
	    alloc *= 2;
	    ns = realloc(ns, alloc);
	    if(!ns)
	       return NULL;
	 }
	 sprintf(&ns[index], "%%%02X", in);
	 index+=3;
      }
      else {
	 /* just copy this */
	 ns[index++]=in;
      }
      string++;
   }
   ns[index]=0; /* terminate it */
   return ns;
}

char *curl_unescape(char *string, int length)
{
   int alloc = (length?length:strlen(string))+1;
   char *ns = malloc(alloc);
   unsigned char in;
   int index=0;
   unsigned int hex;
   char querypart=FALSE; /* everything to the right of a '?' letter is
                            the "query part" where '+' should become ' '.
                            RFC 2316, section 3.10 */
  
   while(--alloc > 0) {
      in = *string;
      if(querypart && ('+' == in))
         in = ' ';
      else if(!querypart && ('?' == in)) {
        /* we have "walked in" to the query part */
        querypart=TRUE;
      }
      else if('%' == in) {
        /* encoded part */
        if(sscanf(string+1, "%02X", &hex)) {
          in = hex;
          string+=2;
          alloc-=2;
        }
      }

      ns[index++] = in;
      string++;
   }
   ns[index]=0; /* terminate it */
   return ns;
  
}
Initial revision 1999-12-29 09:20:26 -05:00			`/*****************************************************************************`
			`* _ _ ____ _`
			`* Project ___\| \| \| \| _ \\| \|`
			`* / __\| \| \| \| \|_) \| \|`
			`* \| (__\| \|_\| \| _ <\| \|___`
			`* \___\|\___/\|_\| \_\_____\|`
			`*`
dual-license fix 2001-01-03 04:29:33 -05:00			`* Copyright (C) 2000, Daniel Stenberg, <daniel@haxx.se>, et al.`
Initial revision 1999-12-29 09:20:26 -05:00			`*`
dual-license fix 2001-01-03 04:29:33 -05:00			`* In order to be useful for every potential user, curl and libcurl are`
			`* dual-licensed under the MPL and the MIT/X-derivate licenses.`
Initial revision 1999-12-29 09:20:26 -05:00			`*`
dual-license fix 2001-01-03 04:29:33 -05:00			`* You may opt to use, copy, modify, merge, publish, distribute and/or sell`
			`* copies of the Software, and permit persons to whom the Software is`
			`* furnished to do so, under the terms of the MPL or the MIT/X-derivate`
			`* licenses. You may pick one of these licenses.`
Initial revision 1999-12-29 09:20:26 -05:00			`*`
dual-license fix 2001-01-03 04:29:33 -05:00			`* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY`
			`* KIND, either express or implied.`
Initial revision 1999-12-29 09:20:26 -05:00			`*`
dual-license fix 2001-01-03 04:29:33 -05:00			`* $Id$`
			`*****************************************************************************/`
Initial revision 1999-12-29 09:20:26 -05:00
			`/* Escape and unescape URL encoding in strings. The functions return a new`
			`* allocated string or NULL if an error occurred. */`

in unescape(), '+' is now only converted to space after the first '?' 2000-08-31 08:03:04 -04:00			`#include "setup.h"`
			`#include <curl/curl.h>`

Initial revision 1999-12-29 09:20:26 -05:00			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`

added memory debugging include file 2000-10-09 07:12:34 -04:00			`/* The last #include file should be: */`
			`#ifdef MALLOCDEBUG`
			`#include "memdebug.h"`
			`#endif`

Initial revision 1999-12-29 09:20:26 -05:00			`char curl_escape(char string)`
			`{`
curl_unescape() could make a buffer overflow 2000-03-20 05:22:12 -05:00			`int alloc=strlen(string)+1;`
Initial revision 1999-12-29 09:20:26 -05:00			`char *ns = malloc(alloc);`
			`unsigned char in;`
			`int newlen = alloc;`
			`int index=0;`

			`while(*string) {`
			`in = *string;`
			`if(' ' == in)`
			`ns[index++] = '+';`
			`else if(!(in >= 'a' && in <= 'z') &&`
			`!(in >= 'A' && in <= 'Z') &&`
			`!(in >= '0' && in <= '9')) {`
			`/* encode it */`
			`newlen += 2; /* the size grows with two, since this'll become a %XX */`
			`if(newlen > alloc) {`
			`alloc *= 2;`
			`ns = realloc(ns, alloc);`
			`if(!ns)`
			`return NULL;`
			`}`
			`sprintf(&ns[index], "%%%02X", in);`
			`index+=3;`
			`}`
			`else {`
			`/* just copy this */`
			`ns[index++]=in;`
			`}`
			`string++;`
			`}`
			`ns[index]=0; /* terminate it */`
			`return ns;`
			`}`

moved here from the newlib branch 2000-05-22 10:12:12 -04:00			`char curl_unescape(char string, int length)`
Initial revision 1999-12-29 09:20:26 -05:00			`{`
moved here from the newlib branch 2000-05-22 10:12:12 -04:00			`int alloc = (length?length:strlen(string))+1;`
Initial revision 1999-12-29 09:20:26 -05:00			`char *ns = malloc(alloc);`
			`unsigned char in;`
			`int index=0;`
use unsigned int hex to receive the hex digit in, caused a warning with -Wall and a new gcc 2001-03-09 10:11:39 -05:00			`unsigned int hex;`
in unescape(), '+' is now only converted to space after the first '?' 2000-08-31 08:03:04 -04:00			`char querypart=FALSE; /* everything to the right of a '?' letter is`
			`the "query part" where '+' should become ' '.`
			`RFC 2316, section 3.10 */`
moved here from the newlib branch 2000-05-22 10:12:12 -04:00
curl_unescape() did not stop at the set length properly when %-codes were used 2000-11-21 14:01:53 -05:00			`while(--alloc > 0) {`
Initial revision 1999-12-29 09:20:26 -05:00			`in = *string;`
in unescape(), '+' is now only converted to space after the first '?' 2000-08-31 08:03:04 -04:00			`if(querypart && ('+' == in))`
			`in = ' ';`
			`else if(!querypart && ('?' == in)) {`
			`/* we have "walked in" to the query part */`
			`querypart=TRUE;`
			`}`
Initial revision 1999-12-29 09:20:26 -05:00			`else if('%' == in) {`
in unescape(), '+' is now only converted to space after the first '?' 2000-08-31 08:03:04 -04:00			`/* encoded part */`
			`if(sscanf(string+1, "%02X", &hex)) {`
			`in = hex;`
			`string+=2;`
curl_unescape() did not stop at the set length properly when %-codes were used 2000-11-21 14:01:53 -05:00			`alloc-=2;`
in unescape(), '+' is now only converted to space after the first '?' 2000-08-31 08:03:04 -04:00			`}`
Initial revision 1999-12-29 09:20:26 -05:00			`}`

			`ns[index++] = in;`
			`string++;`
			`}`
			`ns[index]=0; /* terminate it */`
			`return ns;`

			`}`