From c95c92da7584483368c8761c8cca276b5401530c Mon Sep 17 00:00:00 2001 From: Kristiyan Tsaklev Date: Sat, 7 Oct 2017 17:47:11 +0300 Subject: [PATCH] curl: don't pass semicolons when parsing Content-Disposition Test 1422 updated to verify. Closes #1964 --- src/tool_cb_hdr.c | 15 ++++++--------- tests/data/test1422 | 2 +- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c index bb982d2e4..7f2181f40 100644 --- a/src/tool_cb_hdr.c +++ b/src/tool_cb_hdr.c @@ -161,8 +161,13 @@ static char *parse_filename(const char *ptr, size_t len) else stop = ';'; + /* scan for the end letter and stop there */ + q = strchr(p, stop); + if(q) + *q = '\0'; + /* if the filename contains a path, only use filename portion */ - q = strrchr(copy, '/'); + q = strrchr(p, '/'); if(q) { p = q + 1; if(!*p) { @@ -183,14 +188,6 @@ static char *parse_filename(const char *ptr, size_t len) } } - /* scan for the end letter and stop there */ - for(q = p; *q; ++q) { - if(*q == stop) { - *q = '\0'; - break; - } - } - /* make sure the file name doesn't end in \r or \n */ q = strchr(p, '\r'); if(q) diff --git a/tests/data/test1422 b/tests/data/test1422 index 9b436cc4e..df9d750dd 100644 --- a/tests/data/test1422 +++ b/tests/data/test1422 @@ -16,7 +16,7 @@ Server: test-server/fake Content-Length: 0 Connection: close Content-Type: text/html -Content-Disposition: filename=name1422; charset=funny; option=strange +Content-Disposition: filename=name1422; charset=funny; option=str//nge