From: Jaroslav Kysela <perex@perex.cz>
Date: Wed, 28 Dec 2016 18:42:38 +0000 (+0100)
Subject: http: deescape username/password for basic and digest auth, fixes #4147
X-Git-Tag: v4.2.1~145
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97629167883cfa9ab24c59c3aa9a28a5e6bddd18;p=thirdparty%2Ftvheadend.git

http: deescape username/password for basic and digest auth, fixes #4147
---

diff --git a/src/http.c b/src/http.c
index 7ab3a7f04..eb8e278b0 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1152,6 +1152,8 @@ process_request(http_connection_t *hc, htsbuf_queue_t *spill)
         if((n = http_tokenize(authbuf, argv, 2, ':')) == 2) {
           hc->hc_username = tvh_strdupa(argv[0]);
           hc->hc_password = tvh_strdupa(argv[1]);
+          http_deescape(hc->hc_username);
+          http_deescape(hc->hc_password);
           // No way to actually track this
         }
       } else if (strcasecmp(argv[0], "digest") == 0) {
@@ -1166,6 +1168,7 @@ process_request(http_connection_t *hc, htsbuf_queue_t *spill)
         v = http_get_header_value(argv[1], "username");
         hc->hc_authhdr  = tvh_strdupa(argv[1]);
         hc->hc_username = tvh_strdupa(v);
+        http_deescape(hc->hc_username);
         free(v);
       } else {
         http_error(hc, HTTP_STATUS_BAD_REQUEST);