| 1068 | } |
| 1069 | |
| 1070 | static void push2table(const char *input, apr_table_t *params, |
| 1071 | const char *allowed[], apr_pool_t *p) |
| 1072 | { |
| 1073 | char *args; |
| 1074 | char *tok, *val; |
| 1075 | char *key; |
| 1076 | |
| 1077 | if (input == NULL) { |
| 1078 | return; |
| 1079 | } |
| 1080 | args = apr_pstrdup(p, input); |
| 1081 | |
| 1082 | key = apr_strtok(args, "&", &tok); |
| 1083 | while (key) { |
| 1084 | val = strchr(key, '='); |
| 1085 | if (val) { |
| 1086 | *val++ = '\0'; |
| 1087 | } |
| 1088 | else { |
| 1089 | val = ""; |
| 1090 | } |
| 1091 | ap_unescape_url(key); |
| 1092 | ap_unescape_url(val); |
| 1093 | /* hcuri, worker name, balancer name, at least are escaped when building the form, so twice */ |
| 1094 | ap_unescape_url(val); |
| 1095 | if (allowed == NULL) { /* allow all */ |
| 1096 | apr_table_set(params, key, val); |
| 1097 | } |
| 1098 | else { |
| 1099 | const char **ok = allowed; |
| 1100 | while (*ok) { |
| 1101 | if (strcmp(*ok, key) == 0) { |
| 1102 | apr_table_set(params, key, val); |
| 1103 | break; |
| 1104 | } |
| 1105 | ok++; |
| 1106 | } |
| 1107 | } |
| 1108 | key = apr_strtok(NULL, "&", &tok); |
| 1109 | } |
| 1110 | } |
| 1111 | |
| 1112 | /* Returns non-zero if the Referer: header value passed matches the |
| 1113 | * host of the request. */ |
no test coverage detected