From ab9fc249a81b3626a9c90f754e4f50e9789320c4 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela <perex@perex.cz>
Date: Fri, 3 Nov 2017 20:13:39 +0100
Subject: [PATCH] fix htsbuf_append_and_escape_url() - don't escape more
 allowed characters, fixes #3721

---
 src/htsbuf.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/htsbuf.c b/src/htsbuf.c
index c9193e92f..545eacdbe 100644
--- a/src/htsbuf.c
+++ b/src/htsbuf.c
@@ -406,13 +406,24 @@ htsbuf_append_and_escape_url(htsbuf_queue_t *hq, const char *s)
     char buf[4];
     C = *c++;
     
+    /* RFC 3986, section 3.4 */
     if((C >= '0' && C <= '9') ||
        (C >= 'a' && C <= 'z') ||
        (C >= 'A' && C <= 'Z') ||
-       C == '_' ||
-       C == '~' ||
-       C == '.' ||
-       C == '-') {
+       C == '/'  ||
+       C == ':'  ||
+       C == '@'  ||
+       C == '-'  ||
+       C == '.'  ||
+       C == '~'  ||
+       C == '!'  ||
+       C == '$'  ||
+       C == '\'' ||
+       C == '('  ||
+       C == ')'  ||
+       C == '*'  ||
+       C == ','  ||
+       C == ';') {
       esc = NULL;
     } else {
       static const char hexchars[16] = "0123456789ABCDEF";
-- 
2.47.2