From: Jaroslav Kysela <perex@perex.cz>
Date: Fri, 3 Nov 2017 19:13:39 +0000 (+0100)
Subject: fix htsbuf_append_and_escape_url() - don't escape more allowed characters, fixes... 
X-Git-Tag: v4.2.5~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab9fc249a;p=thirdparty%2Ftvheadend.git

fix htsbuf_append_and_escape_url() - don't escape more allowed characters, fixes #3721
---

diff --git a/src/htsbuf.c b/src/htsbuf.c
index c9193e92f..545eacdbe 100644
--- a/src/htsbuf.c
+++ b/src/htsbuf.c
@@ -406,13 +406,24 @@ htsbuf_append_and_escape_url(htsbuf_queue_t *hq, const char *s)
     char buf[4];
     C = *c++;
     
+    /* RFC 3986, section 3.4 */
     if((C >= '0' && C <= '9') ||
        (C >= 'a' && C <= 'z') ||
        (C >= 'A' && C <= 'Z') ||
-       C == '_' ||
-       C == '~' ||
-       C == '.' ||
-       C == '-') {
+       C == '/'  ||
+       C == ':'  ||
+       C == '@'  ||
+       C == '-'  ||
+       C == '.'  ||
+       C == '~'  ||
+       C == '!'  ||
+       C == '$'  ||
+       C == '\'' ||
+       C == '('  ||
+       C == ')'  ||
+       C == '*'  ||
+       C == ','  ||
+       C == ';') {
       esc = NULL;
     } else {
       static const char hexchars[16] = "0123456789ABCDEF";