Curl_follow: handle redirects to "//hostname/path"

2024-12-21 23:58:49 -05:00 · 2011-09-20 11:13:32 +02:00 · 2011-09-20 11:13:32 +02:00 · 81b41095ef
commit 81b41095ef
parent 49c35a7f9f
3 changed files with 108 additions and 19 deletions
--- a/lib/transfer.c
+++ b/lib/transfer.c
@ -1699,26 +1699,37 @@ static char *concat_url(const char *base, const char *relurl)
    }
  }
  else {
-    /* We got a new absolute path for this server, cut off from the
-       first slash */
-    pathsep = strchr(protsep, '/');
-    if(pathsep) {
-      /* When people use badly formatted URLs, such as
-         "http://www.url.com?dir=/home/daniel" we must not use the first
-         slash, if there's a ?-letter before it! */
-      char *sep = strchr(protsep, '?');
-      if(sep && (sep < pathsep))
-        pathsep = sep;
-      *pathsep=0;
+    /* We got a new absolute path for this server */
+
+    if((relurl[0] == '/') && (relurl[1] == '/')) {
+      /* the new URL starts with //, just keep the protocol part from the
+         original one */
+      *protsep=0;
+      useurl = &relurl[2]; /* we keep the slashes from the original, so we
+                              skip the new ones */
    }
    else {
-      /* There was no slash. Now, since we might be operating on a badly
-         formatted URL, such as "http://www.url.com?id=2380" which doesn't
-         use a slash separator as it is supposed to, we need to check for a
-         ?-letter as well! */
-      pathsep = strchr(protsep, '?');
-      if(pathsep)
+      /* cut off the original URL from the first slash, or deal with URLs
+         without slash */
+      pathsep = strchr(protsep, '/');
+      if(pathsep) {
+        /* When people use badly formatted URLs, such as
+           "http://www.url.com?dir=/home/daniel" we must not use the first
+           slash, if there's a ?-letter before it! */
+        char *sep = strchr(protsep, '?');
+        if(sep && (sep < pathsep))
+          pathsep = sep;
        *pathsep=0;
+      }
+      else {
+        /* There was no slash. Now, since we might be operating on a badly
+           formatted URL, such as "http://www.url.com?id=2380" which doesn't
+           use a slash separator as it is supposed to, we need to check for a
+           ?-letter as well! */
+        pathsep = strchr(protsep, '?');
+        if(pathsep)
+          *pathsep=0;
+      }
    }
  }

@ -1731,8 +1742,8 @@ static char *concat_url(const char *base, const char *relurl)

  urllen = strlen(url_clone);

-  newest = malloc( urllen + 1 + /* possible slash */
-                         newlen + 1 /* zero byte */);
+  newest = malloc(urllen + 1 + /* possible slash */
+                  newlen + 1 /* zero byte */);

  if(!newest) {
    free(url_clone); /* don't leak this */
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@ -75,6 +75,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125	\
 test1126 test1127 test1128 test1129 test1130 test1131 test1200 test1201	\
 test1202 test1203 test1300 test1301 test1302 test1303 test1304 test1305	\
 test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
+test1314 \
 test2000 test2001 test2002 test2003 test2004

 EXTRA_DIST = $(TESTCASES) DISABLED
--- a/tests/data/test1314
+++ b/tests/data/test1314
@ -0,0 +1,77 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 This is a weirdo text message swsbounce
+Server: test-server/fake
+Location: //somewhere.example.com/reply/1314
+Content-Length: 32
+Connection: close
+
+Redirect to the same URL again!
+</data>
+
+<data1>
+HTTP/1.1 200 okidoki
+Server: test-server/fake
+Content-Length: 4
+Connection: close
+
+moo
+</data>
+
+<datacheck>
+HTTP/1.1 301 This is a weirdo text message swsbounce
+Server: test-server/fake
+Location: //somewhere.example.com/reply/1314
+Content-Length: 32
+Connection: close
+
+HTTP/1.1 200 okidoki
+Server: test-server/fake
+Content-Length: 4
+Connection: close
+
+moo
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP Location: following a // prefixed url
+ </name>
+ <command>
+http://firstplace.example.com/want/1314 -L -x http://%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent: curl/.*
+</strip>
+<protocol>
+GET http://firstplace.example.com/want/1314 HTTP/1.1
+Host: firstplace.example.com
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://somewhere.example.com/reply/1314 HTTP/1.1
+Host: somewhere.example.com
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>