From f37dd0dd3a8e48eb0ee59ba6fe53b6ebf92566b1 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sat, 22 Dec 2018 02:38:09 +0100 Subject: html: double escape literal + in URLs It's unclear whether this is correct or whether my server is double decoding. Signed-off-by: Jason A. Donenfeld --- html.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html.c b/html.c index 0bac34b..1b00173 100644 --- a/html.c +++ b/html.c @@ -17,7 +17,7 @@ static const char* url_escape_table[256] = { "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f", "%20", NULL, "%22", "%23", NULL, "%25", "%26", "%27", - NULL, NULL, NULL, "%2b", NULL, NULL, NULL, NULL, + NULL, NULL, NULL, "%252b", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "%3c", "%3d", "%3e", "%3f", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, @@ -200,7 +200,7 @@ void html_url_path(const char *txt) while (t && *t) { unsigned char c = *t; const char *e = url_escape_table[c]; - if (e && c != '+' && c != '&') { + if (e && c != '&') { html_raw(txt, t - txt); html(e); txt = t + 1; -- cgit v1.2.3-18-g5258