From: Tarmo Oja <tarmo.oja@cyber.ee>
Date: Thu, 22 Aug 2024 09:57:06 +0000 (+0300)
Subject: [PATCH] Encode constructed path to be URL safe.
X-Git-Tag: 3.10.0~26^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f2d38dea046cfdfc6267a74625ce45be3f6d21c;p=thirdparty%2Frspamd.git

[PATCH] Encode constructed path to be URL safe.

fix #4643
---

diff --git a/lualib/lua_scanners/icap.lua b/lualib/lua_scanners/icap.lua
index 682562d858..2e3ced0344 100644
--- a/lualib/lua_scanners/icap.lua
+++ b/lualib/lua_scanners/icap.lua
@@ -245,7 +245,7 @@ local function icap_check(task, content, digest, rule, maybe_part)
         local req_hlen = 2
         if maybe_part then
           table.insert(req_headers,
-              string.format('GET http://%s/%s HTTP/1.0\r\n', in_client_ip, maybe_part:get_filename()))
+              string.format('GET http://%s/%s HTTP/1.0\r\n', in_client_ip, lua_util.url_encode_string(maybe_part:get_filename())))
           if rule.use_specific_content_type then
             table.insert(http_headers, string.format('Content-Type: %s/%s\r\n', maybe_part:get_detected_type()))
             --else
diff --git a/lualib/lua_util.lua b/lualib/lua_util.lua
index a64f8abc9a..8f44e25f20 100644
--- a/lualib/lua_util.lua
+++ b/lualib/lua_util.lua
@@ -1687,6 +1687,24 @@ local function join_path(...)
 end
 exports.join_path = join_path
 
+---[[[
+-- @function lua_util.url_encode_string(str)
+-- URL encodes a string
+--
+-- @param {string} str string to encode
+-- @return {string} URL encoded string
+--
+---]]]
+local function url_encode_string(str)
+  str = string.gsub(str, "([^%w _%%%-%.~])",
+      function(c)
+        return string.format("%%%02X", string.byte(c))
+      end)
+  str = string.gsub(str, " ", "+")
+  return str
+end
+exports.url_encode_string = url_encode_string
+
 -- Short unit test for sanity
 if path_sep == '/' then
   assert(join_path('/path', 'to', 'file') == '/path/to/file')