]> git.ipfire.org Git - thirdparty/ipxe.git/commitdiff
[uri] Escape the "+" character within HTTP form parameters
authorMichael Brown <mcb30@ipxe.org>
Thu, 16 Jul 2026 15:31:33 +0000 (16:31 +0100)
committerMichael Brown <mcb30@ipxe.org>
Thu, 16 Jul 2026 15:33:43 +0000 (16:33 +0100)
Within application/x-www-form-urlencoded values, a "+" character needs
to be escaped to avoid its being interpreted as a space.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/core/uri.c

index ea0f2bc45b6decd819d2af043f2f828891b5b675..824ad40852eb1fa480a57a9b0d98ca5e75db2d22 100644 (file)
@@ -151,7 +151,7 @@ static int uri_character_escaped ( char c, unsigned int field ) {
         */
        static const char *escaped[URI_EPATH] = {
                /* Scheme or default: escape everything */
-               [URI_SCHEME]    = "/#:@?=&",
+               [URI_SCHEME]    = "/#:@?=&+",
                /* Opaque part: escape characters which would affect
                 * the reparsing of the URI, allowing everything else
                 * (e.g. ':', which will appear in iSCSI URIs).