commit e54fdbded22b05205389d01d237bae7f0cdf8a42
parent ec5e8d40bf661eb164771c4b7e16f07e57cdd33b
Author: Matthias Balk <mbalk@mbalk.de>
Date: Wed, 6 May 2026 17:51:17 +0200
Fix: first parameter had not been decoded
Diffstat:
4 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
@@ -34,10 +34,14 @@ bin/mittag.cgi: utils.o date-utils.o http.o mittag.o
mkdir -p bin
${CC} ${OPTIM_DEBUG} utils.o date-utils.o http.o mittag.o ${LIBS_BSD_OVERLAY} ${LIBS_SQLITE} -static -o bin/mittag.cgi
-test: all var/mittag.db
+test: clean all var/mittag.db
#echo 'vote-2=2&vote-6=6&vote-43=43&name=m%C3%A4+%C3%9F+%C3%84+%C3%A9%20%E2%99%A5&date=2024-01-12' | PATH_INFO=/votes REQUEST_METHOD=POST CONTENT_TYPE=application/x-www-form-urlencoded bin/mittag.cgi
PATH_INFO=/votes QUERY_STRING="date=2012-05-10" REQUEST_METHOD=GET bin/mittag.cgi
#PATH_INFO=/votes QUERY_STRING="foobar=2024-07-27" REQUEST_METHOD=GET bin/mittag.cgi
+ mkdir -p test
+ ${CC} ${OPTIM_DEBUG} ${CFLAGS} -c src/http_test.c -static -o test/http_test.o
+ ${CC} ${OPTIM_DEBUG} utils.o date-utils.o http.o test/http_test.o ${LIBS_BSD_OVERLAY} ${LIBS_SQLITE} -static -o test/http_test
+ test/http_test
run-test-server: bin/mittag.cgi bin/var/mittag.db thttpd-2.29/thttpd
echo starting http daemon
@@ -58,6 +62,7 @@ bin/var/mittag.db:
clean:
rm -f bin/mittag.cgi mittag.o utils.o date-utils.o http.o \
lunch-poll-legacy*.tar.gz
+ rm -fr test
tags:
ctags -R . /usr/include/sqlite3*
diff --git a/src/config.h b/src/config.h
@@ -6,7 +6,7 @@
#ifndef __CONFIG_H__
#define __CONFIG_H__
-#define PROG_VERSION "1.3.2"
+#define PROG_VERSION "1.3.3"
#define PROG_NAME "Lunch Poll Legacy"
#define COPYRIGHT "Copyright 2024 - 2026 Matthias Balk"
#define SOURCE_CODE_DOWNLOAD_URL ((char *) NULL)
diff --git a/src/http.c b/src/http.c
@@ -1,6 +1,6 @@
/**
* Lunch Poll Legacy
- * Copyright 2024, 2025 Matthias Balk
+ * Copyright 2024 - 2026 Matthias Balk
*/
#include <ctype.h>
@@ -86,6 +86,18 @@ void urldecode(const char *src, char *dst /*, size_t dst_size TODO*/)
*dst++ = '\0';
}
+static void decode_param_value(char* param)
+{
+ /* we expected the decoded string to be shorter than the encoded string! */
+ if (param != NULL) {
+ char *value = strchr(param, '=') + 1;
+ size_t sz = strlen(value) + 1;
+ char *value_tmp = calloc(sz, sizeof (char));
+ urldecode(value, value_tmp);
+ strlcpy(value, value_tmp, sz * sizeof (char));
+ free(value_tmp);
+ }
+}
/*
* Uses strtok(3), x_www_form_urlencoded will be changed!
@@ -94,21 +106,14 @@ void split_and_decode_form_params(char* x_www_form_urlencoded, char** params)
{
int idx = 0;
params[idx] = strtok(x_www_form_urlencoded, "&");
- while (params[idx++] != NULL) {
- if (idx >= MAX_PARAMS_COUNT) {
+ while (params[idx] != NULL) {
+ decode_param_value(params[idx]);
+
+ if (++idx >= MAX_PARAMS_COUNT) {
fprintf(stderr, "error: too many params (>= %d)\n", MAX_PARAMS_COUNT);
err_exit("error: too many params");
}
params[idx] = strtok(NULL, "&");
- /* we expected the decoded string to be shorter than the encoded string! */
- if (params[idx] != NULL) {
- char *value = strchr(params[idx], '=') + 1;
- size_t sz = strlen(value) + 1;
- char *value_tmp = calloc(sz, sizeof (char));
- urldecode(value, value_tmp);
- strlcpy(value, value_tmp, sz * sizeof (char));
- free(value_tmp);
- }
}
}
diff --git a/src/http_test.c b/src/http_test.c
@@ -0,0 +1,29 @@
+/**
+ * Lunch Poll Legacy
+ * Copyright 2026 Matthias Balk
+ */
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "http.h"
+
+static void test_split_and_decode_form_params()
+{
+ char query_string[20];
+ strcpy(query_string, "x=a%2Cb&y=c%20d");
+
+ char* params[MAX_POST_SIZE];
+ split_and_decode_form_params(query_string, params);
+
+ assert(strcmp(params[0], "x=a,b") == 0);
+ assert(strcmp(params[1], "y=c d") == 0);
+}
+
+int main(int argc, char **argv)
+{
+ test_split_and_decode_form_params();
+
+ return EXIT_SUCCESS;
+}
