* Convert a URL-encoded string to canonical form. * It decodes characters which need not be encoded, * and encodes those which must be encoded, and does not touch * those which must not be touched. */
| 218 | * those which must not be touched. |
| 219 | */ |
| 220 | PROXY_DECLARE(char *)ap_proxy_canonenc_ex(apr_pool_t *p, const char *x, int len, |
| 221 | enum enctype t, int flags, |
| 222 | int proxyreq) |
| 223 | { |
| 224 | int i, j, ch; |
| 225 | char *y; |
| 226 | char *allowed; /* characters which should not be encoded */ |
| 227 | char *reserved; /* characters which much not be en/de-coded */ |
| 228 | int forcedec = flags & PROXY_CANONENC_FORCEDEC; |
| 229 | int noencslashesenc = flags & PROXY_CANONENC_NOENCODEDSLASHENCODING; |
| 230 | |
| 231 | /* |
| 232 | * N.B. in addition to :@&=, this allows ';' in an http path |
| 233 | * and '?' in an ftp path -- this may be revised |
| 234 | * |
| 235 | * Also, it makes a '+' character in a search string reserved, as |
| 236 | * it may be form-encoded. (Although RFC 1738 doesn't allow this - |
| 237 | * it only permits ; / ? : @ = & as reserved chars.) |
| 238 | */ |
| 239 | if (t == enc_path) { |
| 240 | allowed = "~$-_.+!*'(),;:@&="; |
| 241 | } |
| 242 | else if (t == enc_search) { |
| 243 | allowed = "$-_.!*'(),;:@&="; |
| 244 | } |
| 245 | else if (t == enc_user) { |
| 246 | allowed = "$-_.+!*'(),;@&="; |
| 247 | } |
| 248 | else if (t == enc_fpath) { |
| 249 | allowed = "$-_.+!*'(),?:@&="; |
| 250 | } |
| 251 | else { /* if (t == enc_parm) */ |
| 252 | allowed = "$-_.+!*'(),?/:@&="; |
| 253 | } |
| 254 | |
| 255 | if (t == enc_path) { |
| 256 | reserved = "/"; |
| 257 | } |
| 258 | else if (t == enc_search) { |
| 259 | reserved = "+"; |
| 260 | } |
| 261 | else { |
| 262 | reserved = ""; |
| 263 | } |
| 264 | |
| 265 | y = apr_palloc(p, 3 * len + 1); |
| 266 | |
| 267 | for (i = 0, j = 0; i < len; i++, j++) { |
| 268 | /* always handle '/' first */ |
| 269 | ch = x[i]; |
| 270 | if (strchr(reserved, ch)) { |
| 271 | y[j] = ch; |
| 272 | continue; |
| 273 | } |
| 274 | /* |
| 275 | * decode it if not already done. do not decode reverse proxied URLs |
| 276 | * unless specifically forced |
| 277 | */ |
no test coverage detected