aboutsummaryrefslogtreecommitdiffstats
path: root/lualib
diff options
context:
space:
mode:
authorTarmo Oja <tarmo.oja@cyber.ee>2024-08-22 12:57:06 +0300
committerTarmo Oja <tarmo.oja@cyber.ee>2024-08-22 12:57:06 +0300
commit0f2d38dea046cfdfc6267a74625ce45be3f6d21c (patch)
treeb18d24b670bf80a7fa70c3dc328fd0e74402cee0 /lualib
parent7138860d0598fe55f349bc99dae36064e9f2d7ff (diff)
downloadrspamd-0f2d38dea046cfdfc6267a74625ce45be3f6d21c.tar.gz
rspamd-0f2d38dea046cfdfc6267a74625ce45be3f6d21c.zip
[PATCH] Encode constructed path to be URL safe.
fix #4643
Diffstat (limited to 'lualib')
-rw-r--r--lualib/lua_scanners/icap.lua2
-rw-r--r--lualib/lua_util.lua18
2 files changed, 19 insertions, 1 deletions
diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua
index 682562d85..2e3ced034 100644
--- a/lualib/lua_scanners/icap.lua
+++ b/lualib/lua_scanners/icap.lua
@@ -245,7 +245,7 @@ local function icap_check(task, content, digest, rule, maybe_part)
local req_hlen = 2
if maybe_part then
table.insert(req_headers,
- string.format('GET http://%s/%s HTTP/1.0\r\n', in_client_ip, maybe_part:get_filename()))
+ string.format('GET http://%s/%s HTTP/1.0\r\n', in_client_ip, lua_util.url_encode_string(maybe_part:get_filename())))
if rule.use_specific_content_type then
table.insert(http_headers, string.format('Content-Type: %s/%s\r\n', maybe_part:get_detected_type()))
--else
diff --git a/lualib/lua_util.lua b/lualib/lua_util.lua
index a64f8abc9..8f44e25f2 100644
--- a/lualib/lua_util.lua
+++ b/lualib/lua_util.lua
@@ -1687,6 +1687,24 @@ local function join_path(...)
end
exports.join_path = join_path
+---[[[
+-- @function lua_util.url_encode_string(str)
+-- URL encodes a string
+--
+-- @param {string} str string to encode
+-- @return {string} URL encoded string
+--
+---]]]
+local function url_encode_string(str)
+ str = string.gsub(str, "([^%w _%%%-%.~])",
+ function(c)
+ return string.format("%%%02X", string.byte(c))
+ end)
+ str = string.gsub(str, " ", "+")
+ return str
+end
+exports.url_encode_string = url_encode_string
+
-- Short unit test for sanity
if path_sep == '/' then
assert(join_path('/path', 'to', 'file') == '/path/to/file')