Fix brief string

[matches/MCTX3420.git] / server / fastcgi.c

diff --git a/server/fastcgi.c b/server/fastcgi.c
index 19d2869..6006322 100644 (file)
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -164,7 +164,6 @@ bool FCGI_LockControl(FCGIContext *context, const char * user_name, UserType use
  * the key) has control or not. If validated, the context control_timestamp is
  * updated.
  * @param context The context to work in
- * @param key The control key to be validated.
  * @return TRUE if authorized, FALSE if not.
  */
 bool FCGI_HasControl(FCGIContext *context)
@@ -386,7 +385,6 @@ void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code)
  * Generic accept response in JSON format.
  * @param context The context to work in
  * @param description A short description.
- * @param cookie Optional. If given, the cookie field is set to that value.
  */
 void FCGI_AcceptJSON(FCGIContext *context, const char *description)
 {
@@ -510,7 +508,7 @@ void FCGI_WriteBinary(void * data, size_t size, size_t num_elem)
 /**
  * Escapes a string so it can be used safely.
  * Currently escapes to ensure the validity for use as a JSON string
- * Does not support unicode specifiers in the form of \uXXXX.
+ * Does not support unicode specifiers in the form of \\uXXXX.
  * @param buf The string to be escaped
  * @return The escaped string (return value == buf)
  */
@@ -548,7 +546,7 @@ char *FCGI_EscapeText(char *buf)
 char *FCGI_URLDecode(char *buf)
 {
        char *head = buf, *tail = buf;
-       char hex[3] = {0};
+       char val, hex[3] = {0};
 
        while (*tail) {
                if (*tail == '%') { //%hh hex to char
@@ -556,7 +554,9 @@ char *FCGI_URLDecode(char *buf)
                        if (isxdigit(*tail) && isxdigit(*(tail+1))) {
                                hex[0] = *tail++;
                                hex[1] = *tail++;
-                               *head++ = (char)strtol(hex, NULL, 16);
+                               val = (char)strtol(hex, NULL, 16);
+                               //Control codes --> Space character
+                               *head++ = (val < 0x20) ? 0x20 : val;
                        } else { //Not valid format; keep original
                                head++;
                        }
@@ -591,10 +591,8 @@ void * FCGI_RequestLoop (void *data)
                //strncpy doesn't zero-truncate properly
                snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
                
-               //Read from post body. If not empty, try GET instead.
-               if (fgets(params, BUFSIZ, stdin) == NULL || *params == '\0') {
-                       snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
-               }
+               //Get the GET query string
+               snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
                //URL decode the parameters
                FCGI_URLDecode(params);
 
@@ -653,6 +651,13 @@ void * FCGI_RequestLoop (void *data)
                                //Escape all special characters.
                                //Don't escape for login (password may have special chars?)
                                FCGI_EscapeText(params);
+                       } else { //Only for Login handler.
+                               //If GET data is empty, use POST instead.
+                               if (*params == '\0') {
+                                       Log(LOGDEBUG, "Using POST!");
+                                       fgets(params, BUFSIZ, stdin); 
+                                       FCGI_URLDecode(params);
+                               }
                        }
 
                        module_handler(&context, params);