X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=c24678167adb9dbbb2efc9f3c265e76457b06693;hb=75b9743b95672218a61811b03433c0ab6e00ec5c;hp=19d286906f6bf44fbb7c12eeabe9aece740b67f4;hpb=84814a7d41c3e17aff69096fa00735d375367add;p=matches%2FMCTX3420.git

diff --git a/server/fastcgi.c b/server/fastcgi.c
index 19d2869..c246781 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -548,7 +548,7 @@ char *FCGI_EscapeText(char *buf)
 char *FCGI_URLDecode(char *buf)
 {
 	char *head = buf, *tail = buf;
-	char hex[3] = {0};
+	char val, hex[3] = {0};
 
 	while (*tail) {
 		if (*tail == '%') { //%hh hex to char
@@ -556,7 +556,9 @@ char *FCGI_URLDecode(char *buf)
 			if (isxdigit(*tail) && isxdigit(*(tail+1))) {
 				hex[0] = *tail++;
 				hex[1] = *tail++;
-				*head++ = (char)strtol(hex, NULL, 16);
+				char val = (char)strtol(hex, NULL, 16);
+				//Control codes --> Space character
+				*head++ = (val < 0x20) ? 0x20 : val;
 			} else { //Not valid format; keep original
 				head++;
 			}
@@ -591,10 +593,8 @@ void * FCGI_RequestLoop (void *data)
 		//strncpy doesn't zero-truncate properly
 		snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
 		
-		//Read from post body. If not empty, try GET instead.
-		if (fgets(params, BUFSIZ, stdin) == NULL || *params == '\0') {
-			snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
-		}
+		//Get the GET query string
+		snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
 		//URL decode the parameters
 		FCGI_URLDecode(params);
 
@@ -653,6 +653,13 @@ void * FCGI_RequestLoop (void *data)
 				//Escape all special characters.
 				//Don't escape for login (password may have special chars?)
 				FCGI_EscapeText(params);
+			} else { //Only for Login handler.
+				//If GET data is empty, use POST instead.
+				if (*params == '\0') {
+					Log(LOGDEBUG, "Using POST!");
+					fgets(params, BUFSIZ, stdin); 
+					FCGI_URLDecode(params);
+				}
 			}
 
 			module_handler(&context, params);