file: fix query string handling

[project/uhttpd.git] / file.c

diff --git a/file.c b/file.c
index e20071b1186a1fa9adca3cf28c00818a2ee306d4..b3702c8779759778e5fd3cd8c6b9eb98260dbafa 100644 (file)
--- a/file.c
+++ b/file.c
@@ -132,6 +132,7 @@ uh_path_lookup(struct client *cl, const char *url)
 {
        static char path_phys[PATH_MAX];
        static char path_info[PATH_MAX];
+       static char path_query[PATH_MAX];
        static struct path_info p;
 
        const char *docroot = conf.docroot;
@@ -156,7 +157,11 @@ uh_path_lookup(struct client *cl, const char *url)
 
        /* separate query string from url */
        if ((pathptr = strchr(url, '?')) != NULL) {
-               p.query = pathptr[1] ? pathptr + 1 : NULL;
+               if (pathptr[1]) {
+                       p.query = path_query;
+                       snprintf(path_query, sizeof(path_query), "%s",
+                                pathptr + 1);
+               }
 
                /* urldecode component w/o query */
                if (pathptr > url) {
@@ -734,14 +739,13 @@ static int field_len(const char *ptr)
        _field(phys) \
        _field(name) \
        _field(info) \
-       _field(query) \
-       _field(auth)
+       _field(query)
 
 static void
 uh_defer_script(struct client *cl, struct dispatch_handler *d, struct path_info *pi)
 {
        struct deferred_request *dr;
-       char *_root, *_phys, *_name, *_info, *_query, *_auth;
+       char *_root, *_phys, *_name, *_info, *_query;
 
        cl->dispatch.req_free = uh_free_pending_request;
 
@@ -795,7 +799,7 @@ static bool __handle_file_request(struct client *cl, char *url)
        struct dispatch_handler *d;
        struct blob_attr *tb[__HDR_MAX];
        struct path_info *pi;
-       char *user, *pass;
+       char *user, *pass, *auth;
 
        pi = uh_path_lookup(cl, url);
        if (!pi)
@@ -805,14 +809,15 @@ static bool __handle_file_request(struct client *cl, char *url)
                return true;
 
        blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
-       if (tb[HDR_AUTHORIZATION]) {
-               if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass))
-                       return true;
 
-               if (user && pass) {
-                       blobmsg_add_string(&cl->hdr, "http-auth-user", user);
-                       blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
-               }
+       auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL;
+
+       if (!uh_auth_check(cl, pi->name, auth, &user, &pass))
+               return true;
+
+       if (user && pass) {
+               blobmsg_add_string(&cl->hdr, "http-auth-user", user);
+               blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
        }
 
        d = dispatch_find(url, pi);