diff options
author | Tarmo Oja <tarmo.oja@cyber.ee> | 2024-08-22 12:57:06 +0300 |
---|---|---|
committer | Tarmo Oja <tarmo.oja@cyber.ee> | 2024-08-22 12:57:06 +0300 |
commit | 0f2d38dea046cfdfc6267a74625ce45be3f6d21c (patch) | |
tree | b18d24b670bf80a7fa70c3dc328fd0e74402cee0 | |
parent | 7138860d0598fe55f349bc99dae36064e9f2d7ff (diff) | |
download | rspamd-0f2d38dea046cfdfc6267a74625ce45be3f6d21c.tar.gz rspamd-0f2d38dea046cfdfc6267a74625ce45be3f6d21c.zip |
[PATCH] Encode constructed path to be URL safe.
fix #4643
-rw-r--r-- | lualib/lua_scanners/icap.lua | 2 | ||||
-rw-r--r-- | lualib/lua_util.lua | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua index 682562d85..2e3ced034 100644 --- a/lualib/lua_scanners/icap.lua +++ b/lualib/lua_scanners/icap.lua @@ -245,7 +245,7 @@ local function icap_check(task, content, digest, rule, maybe_part) local req_hlen = 2 if maybe_part then table.insert(req_headers, - string.format('GET http://%s/%s HTTP/1.0\r\n', in_client_ip, maybe_part:get_filename())) + string.format('GET http://%s/%s HTTP/1.0\r\n', in_client_ip, lua_util.url_encode_string(maybe_part:get_filename()))) if rule.use_specific_content_type then table.insert(http_headers, string.format('Content-Type: %s/%s\r\n', maybe_part:get_detected_type())) --else diff --git a/lualib/lua_util.lua b/lualib/lua_util.lua index a64f8abc9..8f44e25f2 100644 --- a/lualib/lua_util.lua +++ b/lualib/lua_util.lua @@ -1687,6 +1687,24 @@ local function join_path(...) end exports.join_path = join_path +---[[[ +-- @function lua_util.url_encode_string(str) +-- URL encodes a string +-- +-- @param {string} str string to encode +-- @return {string} URL encoded string +-- +---]]] +local function url_encode_string(str) + str = string.gsub(str, "([^%w _%%%-%.~])", + function(c) + return string.format("%%%02X", string.byte(c)) + end) + str = string.gsub(str, " ", "+") + return str +end +exports.url_encode_string = url_encode_string + -- Short unit test for sanity if path_sep == '/' then assert(join_path('/path', 'to', 'file') == '/path/to/file') |