mirror of https://github.com/ipxe/ipxe.git
1844aacc83
iPXE decodes any percent-encoded characters during the URI parsing stage, thereby allowing protocol implementations to consume the raw field values directly without further decoding. When reconstructing a URI string for use in an HTTP request line, the percent-encoding is currently reapplied in a reversible way: we guarantee that our reconstructed URI string could be decoded to give the same raw field values. This technically violates RFC3986, which states that "URIs that differ in the replacement of a reserved character with its corresponding percent-encoded octet are not equivalent". Experiments show that several HTTP server applications will attach meaning to the choice of whether or not a particular character was percent-encoded, even when the percent-encoding is unnecessary from the perspective of parsing the URI into its component fields. Fix by storing the originally encoded substrings for the path, query, and fragment fields and using these original encoded versions when reconstructing a URI string. The path field is also stored as a decoded string, for use by protocols such as TFTP that communicate using raw strings rather than URI-encoded strings. All other fields (such as the username and password) continue to be stored only in their decoded versions since nothing ever needs to know the originally encoded versions of these fields. Signed-off-by: Michael Brown <mcb30@ipxe.org> |
||
|---|---|---|
| .. | ||
| ftp.c | ||
| http.c | ||
| httpauth.c | ||
| httpbasic.c | ||
| httpblock.c | ||
| httpconn.c | ||
| httpcore.c | ||
| httpdigest.c | ||
| httpgce.c | ||
| httpntlm.c | ||
| https.c | ||
| iscsi.c | ||
| oncrpc.c | ||
| syslogs.c | ||