From e1f4cff68c8693f0894c927ee480eca5c26dd9fc Mon Sep 17 00:00:00 2001
From: hniksic <devnull@localhost>
Date: Mon, 18 Jun 2001 02:08:04 -0700
Subject: [PATCH] [svn] Make sure that slashes don't sneak in as part of file
 name via query string. Published in <sxsu21eb3te.fsf@florida.arsdigita.de>.

---
 src/ChangeLog |  6 ++++++
 src/url.c     | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 82b95296..2eedc987 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2001-06-18  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+	* url.c (url_filename): Make sure that slashes that sneak in to
+	u->file via query string get protected.
+	(file_name_protect_query_string): New function.
+
 2001-06-14  Hrvoje Niksic  <hniksic@arsdigita.com>
 
 	* recur.c (recursive_retrieve): Also check undesirable_urls with
diff --git a/src/url.c b/src/url.c
index 3cc0a43f..3e19c83a 100644
--- a/src/url.c
+++ b/src/url.c
@@ -1030,6 +1030,38 @@ mkstruct (const struct urlinfo *u)
   return res;
 }
 
+/* Return a malloced copy of S, but protect any '/' characters. */
+
+static char *
+file_name_protect_query_string (const char *s)
+{
+  const char *from;
+  char *to, *dest;
+  int destlen = 0;
+  for (from = s; *from; from++)
+    {
+      ++destlen;
+      if (*from == '/')
+	destlen += 2;		/* each / gets replaced with %2F, so
+				   it adds two more chars.  */
+    }
+  dest = (char *)xmalloc (destlen + 1);
+  for (from = s, to = dest; *from; from++)
+    {
+      if (*from != '/')
+	*to++ = *from;
+      else
+	{
+	  *to++ = '%';
+	  *to++ = '2';
+	  *to++ = 'F';
+	}
+    }
+  assert (to - dest == destlen);
+  *to = '\0';
+  return dest;
+}
+
 /* Create a unique filename, corresponding to a given URL.  Calls
    mkstruct if necessary.  Does *not* actually create any directories.  */
 char *
@@ -1048,7 +1080,20 @@ url_filename (const struct urlinfo *u)
       if (!*u->file)
 	file = xstrdup ("index.html");
       else
-	file = xstrdup (u->file);
+	{
+	  /* If the URL came with a query string, u->file will contain
+	     a question mark followed by query string contents.  These
+	     contents can contain '/' which would make us create
+	     unwanted directories.  These slashes must be protected
+	     explicitly.  */
+	  if (!strchr (u->file, '/'))
+	    file = xstrdup (u->file);
+	  else
+	    {
+	      /*assert (strchr (u->file, '?') != NULL);*/
+	      file = file_name_protect_query_string (u->file);
+	    }
+	}
     }
 
   if (!have_prefix)
-- 
2.39.2