From b6bb734215a40238ada3a02c9fcddcf5bf934c2c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 6 Nov 2000 08:12:30 +0000 Subject: [PATCH] Emmanuel Tychon found a problem when specifying user-name only in a URL (and the password entered interactively). This fix also includes proper URL-decoding of the user name and password if specified in the URL. --- lib/url.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/lib/url.c b/lib/url.c index 492192ed0..590348029 100644 --- a/lib/url.c +++ b/lib/url.c @@ -109,6 +109,7 @@ #include "progress.h" #include "cookie.h" #include "strequal.h" +#include "escape.h" /* And now for the protocols */ #include "ftp.h" @@ -1129,17 +1130,35 @@ CURLcode curl_connect(CURL *curl, CURLconnect **in_connect) if(*conn->name != ':') { /* the name is given, get user+password */ - sscanf(conn->name, "%127[^:]:%127[^@]", + sscanf(conn->name, "%127[^:@]:%127[^@]", data->user, data->passwd); } else /* no name given, get the password only */ sscanf(conn->name+1, "%127[^@]", data->passwd); + if(data->user[0]) { + char *newname=curl_unescape(data->user, 0); + if(strlen(newname) < sizeof(data->user)) { + strcpy(data->user, newname); + } + /* if the new name is longer than accepted, then just use + the unconverted name, it'll be wrong but what the heck */ + free(newname); + } + /* check for password, if no ask for one */ if( !data->passwd[0] ) { my_getpass("password:",data->passwd,sizeof(data->passwd)); } + else { + /* we have a password found in the URL, decode it! */ + char *newpasswd=curl_unescape(data->passwd, 0); + if(strlen(newpasswd) < sizeof(data->passwd)) { + strcpy(data->passwd, newpasswd); + } + free(newpasswd); + } conn->name = ++ptr; data->bits.user_passwd=1; /* enable user+password */