author | Micael Karlberg <[email protected]> | 2011-10-26 13:56:09 +0200 |
---|---|---|
committer | Micael Karlberg <[email protected]> | 2011-10-26 13:56:09 +0200 |
commit | 37650c5ab7d286cdf4a4afa0d6eff1d915f57cff (patch) | |
tree | dc439de6c33fca9e166dc3b16ed46ec5e8cfb40e /lib/inets | |
parent | 9b6f04a6dfb955a6615f632197f3d70487a97d26 (diff) | |
Fixed HTML encode. First *try* to hex decode uri, and then
do the actual html encode.
OTP-9655
Diffstat (limited to 'lib/inets')
-rw-r--r-- | lib/inets/src/http_server/httpd_request.erl | 8 | ||||
-rw-r--r-- | lib/inets/src/http_server/httpd_util.erl | 10 |
2 files changed, 12 insertions, 6 deletions
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 75f03c4fc2..1c23316ecb 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -261,12 +261,12 @@ validate_uri(RequestURI) ->
 (catch http_uri:decode(string:left(RequestURI, Ndx)))
 end,
 case UriNoQueryNoHex of
- {'EXIT',_Reason} ->
+ {'EXIT', _Reason} ->
 {error, {bad_request, {malformed_syntax, RequestURI}}};
 _ ->
- Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
- validate_path( Path2,0, RequestURI)
+ Path = format_request_uri(UriNoQueryNoHex),
+ Path2 = [X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
+ validate_path(Path2, 0, RequestURI)
 end.

 validate_path([], _, _) ->
diff --git a/lib/inets/src/http_server/httpd_util.erl b/lib/inets/src/http_server/httpd_util.erl
index 366843354e..15bfe9c621 100644
--- a/lib/inets/src/http_server/httpd_util.erl
+++ b/lib/inets/src/http_server/httpd_util.erl
@@ -245,7 +245,13 @@ maybe_encode(URI) ->
 end.

 html_encode(String) ->
- http_util:html_encode(http_uri:decode(String)).
+ try http_uri:decode(String) of
+ Decoded when is_list(Decoded) ->
+ http_util:html_encode(Decoded)
+ catch
+ _:_ ->
+ http_util:html_encode(String)
+ end.


 %%convert_rfc_date(Date)->{{YYYY,MM,DD},{HH,MIN,SEC}}
@@ -259,7 +265,7 @@ convert_request_date([D,A,Y,DateType| Rest])->
 fun convert_rfc850_date/1
 end,
 case catch Func([D,A,Y,DateType| Rest]) of
- {ok,Date} ->
+ {ok, Date} ->
 Date;
 _Error->
 bad_date
|
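Review bot: The `catch _:_ ->` clause in the new `html_encode/1` (httpd_util.erl) also swallows exits and throws, so any failure inside `http_uri:decode/1` silently becomes "escape the raw string". If malformed percent-escapes surface as an `error`-class exception (the decoder is not visible here), `catch error:_ ->` would be sufficient and would let unrelated failures show up. The `of` section is not protected by the `catch`, so a non-list result from the decoder fails the `is_list(Decoded)` guard and raises `try_clause` rather than reaching the fallback. Because this function is the escaping step for request-derived text, a one-line comment above the fallback such as `%% Undecodable input is escaped exactly as received` would record that the behaviour is deliberate.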